On 15 Aug 2011, at 11:54, Frederick Cheung wrote:

On Aug 13, 10:59 pm, "Tomas R." <[email protected]> wrote:
I have some questions about sessions store, actually I'm using cookie
based authentication. But I need a way to know if someone is logged in or not, so that's why I need DB store sessions, but my question is, is
there a way of making these sessions expire like cookies, or being
permanent as cookies? Is it safer or less?

db store sessions are still backed by cookies (except that the cookie
now contains the identifier for a database row) so the sessions will
expire as a cookie based one would too. You can however forcefully
expire sessions by deleting rows from your sessions table.
You still won't be able to detect whether a user has lost their
session by quitting their browser without logging out from within your
app though.

Exactly. What most CMS and forum apps do is check the updated_at column from the sessions table and when someone has been accessing the site within xx minutes, it assumes they are online. You could just as well do it by touching the user object using the cookie store in your authenticate method (maybe in a more performant way than ActiveRecord's, but that's up to you). If you're insisting on using the db session store, you're probably cleaning out stale sessions that are older than xx days, that's where you "expire" your sessions. However, if online status is the only reason you want to use database sessions, you shouldn't even switch. There are better ways to tackle that problem.

If you REALLY want instant feedback on whether someone is online or not, you'd have to implement something like Socket.IO (which uses websockets if available, falls back to whatever it can use if not, such as Flash sockets). You then need to listen for the disconnect event on the server to know if a user went offline. If you're totally in the dark when it comes to two-way communication, you could have a look at Faye (http://railscasts.com/episodes/260-messaging-with-faye). There are some other solutions out there too (socketstream, …) or you can roll your own in e.g. NodeJS using Socket.IO.


Best regards

Peter De Berdt
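
The server-side behaviour discussed in this thread, as an added example that is not part of the original messages and is not Rails' own session store code: a plain-Ruby, in-memory stand-in for a `sessions` table showing the `updated_at` online heuristic, forced expiry by deleting rows, and the stale-session sweep. The class name `SessionTable`, its method names, and the time windows are assumptions made for illustration.

```ruby
# Added example: in-memory stand-in for a database `sessions` table.
# SessionTable and its methods are hypothetical names, not Rails API.
require "securerandom"

class SessionTable
  Row = Struct.new(:session_id, :user_id, :updated_at)

  def initialize
    @rows = {}
  end

  # Login: create a row. The cookie would carry only the random session_id.
  def create(user_id, now)
    sid = SecureRandom.hex(16)
    @rows[sid] = Row.new(sid, user_id, now)
    sid
  end

  # Per-request lookup. A missing row means the session was expired
  # server-side, whatever lifetime the browser cookie still has.
  def touch(sid, now)
    row = @rows[sid]
    return nil unless row
    row.updated_at = now
    row.user_id
  end

  # "Online" heuristic: some session of this user was seen within `window` seconds.
  def online?(user_id, now, window)
    @rows.each_value.any? { |r| r.user_id == user_id && now - r.updated_at <= window }
  end

  # Forced expiry: delete every row belonging to a user; returns rows removed.
  def revoke_user(user_id)
    before = @rows.size
    @rows.delete_if { |_, r| r.user_id == user_id }
    before - @rows.size
  end

  # Housekeeping: drop rows not touched for more than `max_age` seconds.
  def sweep(now, max_age)
    before = @rows.size
    @rows.delete_if { |_, r| now - r.updated_at > max_age }
    before - @rows.size
  end
end
```

A user who closes the browser without logging out simply stops touching their row, so `online?` turns false once the window passes and `sweep` later removes the row.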
