for your permissions problem I'd suggest the implementation of roles
or groups. that way you can add users to groups or give them roles,
which can be checked in a before_filter in your controllers.

sessions:
if you are using activerecordstore (and thus your sessions are saved
in a db-table) deleting those entries should result in a logout. there
should be configuration in your environment like this:
  config.action_controller.session_store = :active_record_store

if you clean that table and you are still logged in, it seems you
store your session (or at least your login-info) inside the
client-side cookies (see cookiestore). if in doubt, check your
cookies, e.g. with firebug/firecookie.

for automatic timeout and removal put the following in your
application controller:
  # session-timeout after inactivity of 30 minutes (1800 seconds).
  MAX_SESSION_PERIOD = 1800

  before_filter :session_expiry

  # checks and (re-)calculates expiry time for sessions
  def session_expiry
    # if there is a session[:expiry_time] and it lies in the past, drop the session
    reset_session if session[:expiry_time] && session[:expiry_time] < Time.now
    # reset expiry_time so the timeout counts from the latest request
    session[:expiry_time] = MAX_SESSION_PERIOD.seconds.from_now
    # return true so the filter chain continues
    return true
  end

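The two filters suggested in the message above (inactivity timeout first, then a role check), modelled in plain Ruby as an added example that is not code from the original post. The Hash session, the ROLES table, the FilterChain class and the integer-epoch expiry value are assumptions made so the timeout can be exercised without Rails or sleeping.

```ruby
# Plain-Ruby model of the two filters; no Rails required.
# Assumptions (not from the post): the session is a Hash, roles live in ROLES,
# and the clock is passed in so expiry can be tested deterministically.
MAX_SESSION_PERIOD = 1800 # seconds of allowed inactivity

ROLES = { 1 => [:admin], 2 => [:editor] }.freeze # constructed sample data

class FilterChain
  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  # Sliding inactivity timeout: drop the whole session once it has expired,
  # then (re-)arm the timer for the current request.
  def session_expiry(now)
    expiry = @session[:expiry_time]
    @session.clear if expiry && expiry < now.to_i # stands in for reset_session
    @session[:expiry_time] = now.to_i + MAX_SESSION_PERIOD
    true
  end

  # Role check: fails closed when nobody is logged in or the role is missing.
  def require_role(role)
    ROLES.fetch(@session[:user_id], []).include?(role)
  end

  # Order matters: expiry runs first, so a stale login never reaches the role check.
  def request(now, role)
    session_expiry(now)
    require_role(role) ? :ok : :denied
  end
end

def demo
  t0 = Time.at(1_000_000)
  chain = FilterChain.new({ user_id: 1 })
  [
    chain.request(t0, :admin),        # fresh login
    chain.request(t0 + 1799, :admin), # active inside the window, timer slides
    chain.request(t0 + 3599, :admin), # exactly at the expiry instant: still valid
    chain.request(t0 + 5400, :admin), # idle past the window: session dropped
    chain.request(t0 + 5401, :admin)  # stays logged out until a new login
  ]
end
```

With a client-side cookie store the expiry value travels with the browser, so this check limits idle time but does not let the server revoke a session the way deleting a row from the sessions table does.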