similar to: Rails 4: Session Expiry?

Helllo there, Can any one help me on this "Session Expiry" I just want to make the session expire when the system goes idle how do i do it yours , Narayanan.cj. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I''m having a problem switching from cookie sessions (the default) to active record sessions. I''ve created the sessions table via the rake task, uncommented the line config.action_controller.session_store = :active_record_store in my environment.rb file, cleared out my browsers cookies, restarted the server (natch), but still the it''s using cookie_store instead of

I''m implementing simple "remember me" functionality for logging in users with Rails 2.3.4. I''m trying to set the session expiration date for some time in the future. After googling around a bit I found this post which seems to address my problem: http://squarewheel.pl/posts/3 My modifications to request.session_options are being ignored. According to this discussion (

Aside from the replay attacks discussed, there are some other attack vectors on the cookie_session store. I appreciate (and admire!) Jeremy''s good humor on all of this: > Planting the seed here led to quick ripening and plenty of pesticide. > Thanks for the fish, all. > > jeremy Anyway, here''s what we came up with: 1. Brute Force SHA512 can be computed _very_ fast.

Hi Just trying to spec a Rails model that defaults a valid_until date to this time tomorrow. I''ve done something similar involving Dates, and you can stub the :today method to return something fixed. But when I tried this with Time, I found that RSpec calls Time.now four times per spec. So there''s no way to spec code like 1.days.from_now . The best I can come up

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

Not sure why I''m getting this error, cause I believe it worked yesterday before I quit and now it''s giving me this error. The last thing I did was try and get an ActionMailer thing to work. I searched through the archives but nothing seemed applicable to my error. Here''s the error I''m getting: ruby script/server => Booting Mongrel (use

Hi, There doesn''t seem to be any previous posts about this problem, I must be setting things up wrongly at very basics... Firstly, the problem... I can''t get session[] to persist with active_record_store. I enabled (config.action_controller.session_store = :active_record_store) in environment.rb and created the sessions table at my MySQL database. When I do a session[:blah] =

Hi! Before Rails 2.0 is coming, I suggest not to make CookieStore the default session storage. It stores clear-text values on the client-side and the integrity check hash can be brute-force attacked. I understand that this has been set due to speed advantages, but I believe it''s better to make better security a default. I''ve written a blog post about this

hello, I am trying to implement a "remember be" box for logins, however I cant seem to get it to work. I have tried the following 2 methods but neither seem to work. When i check the expiry time in firefox it always says "end of session". What is the proper way to handle this so the session cookie "_session_id" doesnt expire for a year? I tried

Hello can anyone tell me how to test cookies using rspec? specifically, I''d like to be able to set a cookie before a get/post request and also to test the cookies which have been set by a get/post request I know I can use cookies[:name] = ''value'' to set a cookie but how would I set expiry information on such a cookie? when i try to pass a hash {:value =>

Upgrading a Rails app from 2.2 to 2.3.2 (via 2.3.0). Got things working in the browser, but script/console seems messed up in both 2.3.0 and 2.3.2: $ script/console Loading development environment (Rails 2.3.2) /Library/Ruby/Gems/1.8/gems/rails-2.3.2/lib/initializer.rb:56:in `env'':NameError: uninitialized constant Module::ActiveSupport

Hey all. I have two apps. One is a rails3 app and the other is a rails 2 app. Using proxying I am routing actions in the myapp.com/foo to the rails2 app. It almost works! I can set a session variable and a cookie variable on the first app (myapp.com) and then read them on the second app (myapp.com/foo). It only works the first time though. If I go back to myapp.com and then revisit

I''ve just sent a pull-request to _why with my changes[1] and here is some things that I think needs to be done before a (possible) release: * The cookie session is named Camping::Session and is placed in camping/session.rb. Maybe this should be called Camping::CookieSession or??? * The ActiveRecord session is named Camping::ARSession and is placed in camping/ar/session.rb. Maybe it

Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would

I''m implementing a simpler version of the Cookie Session Store in Rails 2.0. If you know what that is, skip the next paragraph. A cookie session store stores the session data inside cookies, on the client, and signs them using a secret string, hashed together. The user can decode the cookie easily if they know much about computers and see what''s inside, but they

I''m getting ready to put an app into production and I''ve found a strange issue that, as far as I know, shouldn''t be happening. To me this looks like it could be a bug, but I''m not sure and I''m hoping some one here can tell me if they''ve seen this before, or can idiot- check me in that hopefully it''s just something I''ve missed

Hi, I''m a bit stuck with mocking a unit test of a join model with regards to a validates_uniqueness_of clause. I have class Book < AR:B has_many :clippings various validates_presence_of etc end class Clip < AR:B has_many :clippings various validates_presence_of etc end class Clipping < AR:B belongs_to :book belongs_to :clip validates_uniqueness_of :clip_id,

I used to have Simple Captcha installed, but since I removed it I got all kinds of problems with login. Processing UsersController#login (for 188.177.122.179 at 2010-09-19 12:21:09) [POST] Parameters: {"commit"=>"OK", "authenticity_token"=>"/ Y0aZETCsMhyI3CkrZJK6O2NaLEoi+LRe8ZuDPWU9kc=",

Is there such a thing that I could use to store sessions in the DB instead of in a cookie so that I can ensure users will be able to access their session data even across several load balancers? We use totally stateless machines here at work and I am worried about deploying a rails app in production that uses a volitile session stored on the machine. Any help is great! Happy Holidays, Mark --