Probably the simplest way to do this is just using an additional
before_filter, something like:
    class ApplicationController < ActionController::Base
      include LoginEngine; include UserEngine
      before_filter :authorize_action
      before_filter :expire_stale_session

      # Log the user out once 600 seconds pass without a request.
      def expire_stale_session
        if user?
          if session[:user_timestamp].nil?
            session[:user_timestamp] = Time.now
            return true
          elsif (Time.now - session[:user_timestamp]) > 600 # seconds
            session[:user] = nil # log them out
            session[:user_timestamp] = nil # reset the timer
            flash[:message] = "Your session has timed out. Please re-authenticate..."
            store_location # so when they do log in they come back here
            access_denied # redirect them to the login page
            return false # stop the filtering
          else
            # still active: stamp this request so the timeout counts idle time
            session[:user_timestamp] = Time.now
          end
        end
      end
    end
... I've not tested that at all, but something along those lines
should work. To require the user to re-enter their password, you could
add a line of code like below to the top of only those certain actions
(presuming that you've supplied a form on those pages which puts the
password into params[:password])
    # stop the action unless the submitted password matches the logged-in user
    if User.authenticate(current_user.login, params[:password]).nil?
      flash[:message] = "Wrong password!"
      return
    end
Essentially you're just checking if the current user can be
authenticated with the password they've just supplied. Again - I've
not tested that but it should be something like this.
On 1/31/06, Jonathan Waddilove <[EMAIL PROTECTED]> wrote:
> First, James thanks again for giving us these engines. This makes it so
> easy to control access to Rails sites in a flexible manner. Just what
> the Dr. ordered.
>
> I need two extensions to the basic user_engine and I am wondering if I
> have missed finding similar features in the documentation. Or failing
> that, some suggestion on how best to add these functions.
>
> I'd like to be able to expire a user's session. So for example I'd like
> to time-stamp each request from a user session and then if more than xxx
> minutes have passed I would like the user to have to log back in.
> Similarly, I would like to force the user to re-verify their user id and
> password for a subset of actions.
>
> Many thanks - Jonathan
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> engine-users mailing list
> [email protected]
> http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org
>
--
* J *
~
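
Added example, not part of the original message or of the engines' own code: a plain-Ruby model of the two checks discussed in this thread, an idle timeout that is refreshed on every request and a recent-password check for sensitive actions, with a clock that can be injected so the expiry paths can be exercised. It goes beyond the thread by also capping total session age; SessionPolicy, the session key names, ABSOLUTE_LIMIT and REAUTH_WINDOW are assumptions, and only the 600-second idle value comes from the reply.

```ruby
# Added example: framework-free model of the session checks discussed above.
# SessionPolicy, its key names and two of the limits are hypothetical.
class SessionPolicy
  IDLE_LIMIT     = 600      # seconds without a request (value from the reply)
  ABSOLUTE_LIMIT = 8 * 3600 # assumed cap on total session age
  REAUTH_WINDOW  = 300      # assumed freshness needed for sensitive actions

  # session: any Hash-like store; clock: injectable so expiry can be tested
  def initialize(session, clock = -> { Time.now.to_i })
    @session = session
    @clock = clock
  end

  def login(user_id)
    now = @clock.call
    @session.clear # drop anything set before authentication
    @session.update(user: user_id, started_at: now, seen_at: now, auth_at: now)
  end

  # Call once per request. Returns :anonymous, :ok or :expired.
  def touch
    return :anonymous unless @session[:user]
    now = @clock.call
    seen = @session[:seen_at]
    started = @session[:started_at]
    # Fail closed: a logged-in session with no timestamps counts as stale.
    if seen.nil? || started.nil? ||
       now - seen > IDLE_LIMIT || now - started > ABSOLUTE_LIMIT
      @session.clear
      return :expired
    end
    @session[:seen_at] = now # activity restarts only the idle timer
    :ok
  end

  # True only if the password was verified within REAUTH_WINDOW.
  def fresh_auth?
    auth_at = @session[:auth_at]
    !auth_at.nil? && @clock.call - auth_at <= REAUTH_WINDOW
  end

  # Pass the result of the password check; refreshes auth_at on success.
  def confirm_password(verified)
    @session[:auth_at] = @clock.call if verified && @session[:user]
    fresh_auth?
  end
end
```

Timestamps are kept as integer seconds so they survive any session serializer unchanged.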