varatis

Reputation: 14750

Why does Devise timedout? take a parameter?

I'm trying to make sense of the Devise source code for the timeoutable module. I'm really confused as to what's going on with the timedout? method.

Intuitively, you should be able to call user.timedout? without any parameters and it will return true if the user's session has timed out, false if not. Can someone explain what this parameter is doing?

Edit:
Ok, so it seems like this method is only able to check if a user has timed out if you already know their last access time. I guess my next question would be: what is the cleanest way to check if a different user has timed out? (not current_user). That is, how can I call timedout? in the way specified above, with no parameter?

Upvotes: 2

Views: 1041

Answers (1)

Jesse Wolgamott

Reputation: 40277

Devise will use Warden to store the last request time (not last signed_in_time). See: https://github.com/plataformatec/devise/blob/master/lib/devise/hooks/timeoutable.rb

So if you want to duplicate this functionality, you'll need to store the last_request_time in the database and update it with each request (in an after_filter in application_controller).

Once that's there, you could add this method to the user, and use it to delegate to the devise timedout? method:

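class User < ActiveRecord::Base
  devise :timeoutable, :trackable # etc.

  # last_access_time is the stored per-request timestamp described above.
  # timedout? compares the time it is given against timeout_in.ago, so it
  # must receive the last access time itself, not a computed expiry time.
  def expired?
    timedout?(last_access_time)
  end
end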

Then, if you have a user:

user.expired?

Upvotes: 2
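
The pattern from the answer above, as an added example that is not part of the original answer and is not Devise or Rails code. It is a plain-Ruby stand-in: the `SessionUser` class, the `TIMEOUT_IN` constant, `record_request!`, `expired_names` and the sample users are all hypothetical, and it assumes the timeout check is "last access at or before now minus the timeout".

```ruby
# Added example: plain-Ruby stand-in, not Devise or Rails code.
# Assumption: the timeout check is "last access <= now - timeout_in".
class SessionUser
  TIMEOUT_IN = 30 * 60 # seconds; stands in for Devise's timeout_in setting

  attr_reader :name, :last_request_at

  def initialize(name, last_request_at = nil)
    @name = name
    @last_request_at = last_request_at
  end

  # What the per-request controller hook would do: persist the request time.
  def record_request!(now = Time.now)
    @last_request_at = now
  end

  # Takes the last access time as a parameter, like the method in question.
  def timedout?(last_access, now = Time.now)
    return false if last_access.nil? # no recorded request: nothing to expire
    last_access <= now - TIMEOUT_IN
  end

  # Parameterless wrapper: feeds the stored timestamp into timedout?.
  def expired?(now = Time.now)
    timedout?(last_request_at, now)
  end
end

# Returns the names of users whose stored last request is past the timeout.
def expired_names(users, now = Time.now)
  users.select { |u| u.expired?(now) }.map(&:name)
end

# Constructed sample data.
NOW = Time.at(1_700_000_000)
USERS = [
  SessionUser.new("alice", NOW - 5 * 60),  # active 5 minutes ago
  SessionUser.new("bob", NOW - 45 * 60),   # idle for 45 minutes
  SessionUser.new("carol", NOW - 30 * 60), # exactly at the limit
  SessionUser.new("dave")                  # never made a request
]

puts expired_names(USERS, NOW).inspect
```

Because the timestamp lives on the record rather than in the requesting user's session, the same check works for any user, which is what an idle-session review for accounts other than `current_user` needs.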
