user80805

Reputation: 6508

Rails: sign out logged in user on event

I'm using Rails 3 with the Devise gem. It does a great job when you need to lock a user from signing in.

But it works just for new login attempts. If he is already logged in - it won't sign him out immediately.

Here is the typical use case:

Given an admin user, when he detects suspicious activity of a certain user, he locks him with malicious_user.lock('locking-reason')

% cat config/initializers/session_store.rb
AppFoo::Application.config.session_store :cookie_store, :key => '_foo_session'

Upvotes: 2

Views: 378

Answers (3)

Syed Ali

Reputation: 672

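Use a before_filter in the ApplicationController that will do the following:

 before_filter :kick_out_blocked_user

 protected

 # Runs before every action, including Devise's own controllers.
 def kick_out_blocked_user
   # Only act on a signed-in user who is no longer active; guests pass through.
   if current_user && !current_user.active?
     # Sign out here rather than redirecting to the sign-out action,
     # which would run this filter again and redirect in a loop.
     sign_out current_user
     redirect_to new_user_session_path
   end
 end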

Upvotes: 1

McStretch

Reputation: 20645

Given HTTP's statelessness, you can't immediately log out a user because you will need to wait until they make another request to your server. You could get around this via a push service I suppose, but that would be overkill.

My solution would be to add that person to a blacklist and then check if they're on the blacklist whenever they try to access a section intended for logged-on users only. This will render them unable to log on until you decide whether or not their activity is suspicious.

Example:

User is suspected of intolerable activity

Admin wants to check this out, so they temporarily add the user to the blacklist.

User clicks on an area of the page they were currently on when added to the blacklist.

Code checks for login status and blacklisted users.

Since the user is blacklisted, they are informed that they need to sign in to access the content.

Once the user tries to sign in again you can inform them that their account has been temporarily disabled (or you can do this in the previous step).

Upvotes: 1
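The blacklist check on each request described in the answer above, as an added example that is not part of the original answers and is not Devise's code: a Rack-style gate in plain Ruby that consults server-side lock state on every request, which is the only place a session kept in a cookie store (as in the question) can be revoked. The `user_id` session key, the `/users/sign_in` path and all class, constant and helper names are assumptions made for the illustration.

```ruby
require 'set'

# Constructed stand-in for the server-side lock state (in a real app this
# would be a column on the users table that the admin's lock call sets).
LOCKED_USER_IDS = Set.new

# Rack-style middleware: the signed cookie only says who the user is, so
# revocation has to be decided from server-side state on each request.
class LockedUserGate
  SIGN_IN_PATH = '/users/sign_in' # assumed sign-in route

  def initialize(app, locked_ids: LOCKED_USER_IDS)
    @app = app
    @locked_ids = locked_ids
  end

  def call(env)
    session = env['rack.session'] ||= {}
    user_id = session['user_id'] # hypothetical session key

    if user_id && @locked_ids.include?(user_id)
      session.clear # drop the identity so this request is treated as a guest
      # Never bounce the sign-in page itself, or the browser would loop.
      return @app.call(env) if env['PATH_INFO'] == SIGN_IN_PATH
      return [302, { 'Location' => SIGN_IN_PATH }, []]
    end

    @app.call(env)
  end
end

# Constructed downstream app: reports who the request is treated as.
INNER_APP = lambda do |env|
  who = env['rack.session']['user_id'] || 'guest'
  [200, { 'Content-Type' => 'text/plain' }, ["hello #{who}"]]
end

# Helper for trying it out: one request with the given session contents.
def request_as(session, path = '/dashboard')
  env = { 'PATH_INFO' => path, 'rack.session' => session }
  LockedUserGate.new(INNER_APP).call(env)
end
```

Because the cookie store keeps no server-side copy of the session, a replayed older cookie still carries the user id; the gate keeps rejecting it for as long as the id stays in the lock set.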

Yule

Reputation: 9754

Perhaps the easiest way would be to redirect the user to the logout action when you lock them, so:

malicious_user.lock('locking-reason')
redirect_to '/logout' and return

I'm not familiar with Devise, so this may not be the best solution or even possible, but it's how I would approach the problem.

Upvotes: 1
