Hi Matt!
My comments and questions are interspersed below.
Thanks,
Don
On 10/14/2010 8:44 PM, Matt Jones wrote:
On Oct 14, 2010, at 8:28 PM, Donald R. Ziesig wrote:
Hi All!
I need to be able to force a user to logout if the session has been idle for a
set time. (A typical pattern).
I have gotten everything working excepting being able to cause a user,
identified by the user.id field, to be logged out. That is, I create a db
record when the user logs in, and update that record every time the user
accesses the site. A cron job uses curl to interrogate the table of
user_timeouts, with no problem finding the idle users and the value of their
user.id. After that I can't seem to find the appropriate methods to force the
logout.
Help anyone?
There's not really a "Hobo-specific" way to do this; the standard method would
be to switch to the ActiveRecord session store and have a cron job periodically sweep out
old records. (then you wouldn't need the UserTimeout model)
I tried this first, but the time-stamps did not change when the users
accessed the site. I was able to force a logout by deleting the
appropriate record, but had no way of determining when the timeout occurred.
Alternatively, you could try using a before_filter on your ApplicationController that
checks for the a "last accessed" time in the session and either boots the user
or updates that time. You'd need to hook into the login method on your user controller:
def login
hobo_login do
session[:last_accessed] = Time.now
end
end
I have this working with a cron job that calls a method on the user
update controller. It can tell who has timed out, but has no way of
forcing that user to logout.
My next idea is to try both. Something like:
1) use ajax in the browser to check for timeout - this works as long as
the user doesn't kill their browser without logging out.
2) use the active_record store to kill any records over (for example) 12
hours old.
The problem is that I have a requirement to audit the times the users
are logged in, but the web protocol can't tell me when the user just
drops out.
I'll keep working on it, and if I have any success I'll hobo-ify it and
submit a patch. In the mean time, if you have any suggestions, "I'm all
ears" ;-)
Thanks again.
The first method has the advantage that it's possible to scan the sessions
table to see *who* is logged in, whereas the second method can't exactly poke
around in the cookies on the remote machines...
--Matt Jones
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.
