Hey Mega -- I was thinking of this too, just relying on app hits to trigger a sweep. Since you're concerned about session expiration, I assume your expiration period is really short so you're right, you can't rely on someone logging in after the last person.
Maybe use both techniques? Each login resets a DB sweeper task that executes after it times out. Kevin mega wrote: > Thanks Kevin! > But I think of something... > In my desktop environment, I create another Model object call > "Session". > Instead of doing a db:migrate, I just create the model itself only > because I have the "sessions" table already in the database.(I use > Activerecord as my session_store) > And I use Session.find(:all).each do .... to sweep out all stale > sessions whenever anyone trys to login to application. > In other words, I put the house-keeping job in the login mechanism. > This idea works fine. But there is one draw-back I can think of: the > last one logs in to the system will never expire. > What do think about this idea? Any other suggestion? > > Mega > > On Apr 13, 6:28 am, Kevin Triplett <[EMAIL PROTECTED]> wrote: >> Hi -- this is an interesting issue. I've been wanting to >> learn more about scheduling automated tasks in Ruby on >> Heroku but haven't gotten there yet. My sessions tend to >> time out after a long period of time, so I haven't >> researched it thoroughly. >> >> But that won't keep me from commenting on both, since no one >> else has. ;) >> >> Dave Naffis' plugin looks reasonable, it's simple, which >> might explain why he didn't write any test code. I would be >> tempted to use it, too. >> >> Sweeping the database is a good idea, maybe even sweeping >> sessions that were created_at more than "X time ago" to >> catch attackers who hijack a session and run a script to >> keep it from expiring. >> >> For cron-like tasks, Ilya Grigorik wrote an >> article:http://www.igvita.com/2007/03/29/scheduling-tasks-in-ruby-rails/ >> >> From his article, it looks like OpenWFEru is a good choice >> and it's a standalone gem now so quite possibly Heroku may >> have it available. >> >> I would be concerned with any scheduler crashing. Make sure >> there is some way it can be restarted automatically and a >> log entry created or an email notification sent so you can >> detect problems. >> >> Good luck! >> Kevin Triplett >> >> mega wrote: >>> Dears, is there any good way to do a session expiration in Heroku? or >>> any rules to follow? >>> I'm a rookie in rails, and Heroku of course, Lately, I have just >>> created some simple apps in Heroku. I notice that there are some house- >>> keeping work to do with user sessions. Even thought I use activerecord >>> as my session_store, I still worry about possible sessions left over >>> by unpredictable end-users. Reading over articles on "rails seesion >>> expiration", I get 2 ways to do that. >>> First, setup a cron job to clear delete those expired sessions data in >>> the database. If this is the better way, then how can I set up a cron >>> job in Heroku ? >>> Secondly, install a session_expiration plugin offered by Dave Naffis >>> http://trac.intridea.com/trac/public/wiki/SessionExpiration. >>> Here is how it works: Install like "script/plugin install >>> http://svn.intridea.com/svn/public/session_expiration";, and then >>> simply declear "expire_session_in 5.minutes" in my >>> ApplicationController. >>> But the problem is, how can I install this plugin in Heroku? > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/heroku?hl=en -~----------~----~----~----~------~----~------~--~---
