Bisho Silwal

Reputation: 121

Authlogic gem: use last_request_at column at session level not in user level

Problem: If I log in as the same user on two devices (say A and B) and use my application on one device (A) while the other device (B) remains inactive, device B does not log out when the session expires while using the logout_on_timeout feature.

I am trying to implement the logout_on_timeout feature of the authlogic gem, which I successfully implemented, but the problem is that authlogic updates the last_request_at attribute of User on every request, no matter which browser or device it is logged in from. So if I log in as the same user from mobile as well as from desktop and one of the devices is active, then the other device remains active too, because it uses the same shared last_request_at attribute from User.

Reference code from authlogic gem: lib/authlogic/acts_as_authentic/logged_in_status.rb


    # Returns true if the last_request_at > logged_in_timeout.
    def logged_in?
      unless respond_to?(:last_request_at)
        raise(
          "Can not determine the records login state because " \
            "there is no last_request_at column"
        )
      end
      !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
    end

So how can I solve this problem? Is there any way to implement it at the session level, like using last_request_at in the UserSession model?

Upvotes: 0

Views: 196

Answers (1)

Bisho Silwal

Reputation: 121

I decided not to use the logout_on_timeout feature, but rather to use the remember_me feature, then override the remember_me_for method in UserSession and set a dynamic value. This is because logout_on_timeout uses the last_request_at attribute value from the User to check whether the session has timed out, and last_request_at is shared across all sessions, so when a user opens the app on two devices, both will remain active if one of them is active (kind of an incomplete feature, or maybe a bug).

Also, update the session (ActiveRecord::SessionStore::Session) for the current user and change the session's data column value to the value generated by the UserSession instance method generate_cookie_for_saving at the end of each request, because authlogic only updates the session when creating or deleting the UserSession.

Note: I am using the activerecord-session_store gem to persist sessions in the database.

Upvotes: 0
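
The difference between a user-level and a session-level idle timestamp, as an added example that is not part of the original posts and is not authlogic code. It is plain Ruby (no Rails); the class names SharedUser and DeviceSession, the 10-minute timeout and the timeline are constructed for illustration.

```ruby
TIMEOUT = 600 # idle timeout in seconds (constructed value)

# User-level tracking: one last_request_at shared by every session of the user,
# mirroring the logged_in? check quoted in the question.
class SharedUser
  attr_accessor :last_request_at

  def logged_in?(now)
    !last_request_at.nil? && last_request_at > now - TIMEOUT
  end
end

# Session-level tracking (hypothetical): each device's session record
# carries its own timestamp, so one device cannot keep another alive.
class DeviceSession
  attr_reader :last_request_at

  def initialize(now)
    @last_request_at = now
  end

  # Run at the start of each request: refuse if idle too long, else refresh.
  def request!(now)
    return false if last_request_at <= now - TIMEOUT
    @last_request_at = now
    true
  end
end

# Constructed timeline: devices A and B log in at t0; only A stays active.
def simulate
  t0 = Time.at(0)
  user = SharedUser.new
  user.last_request_at = t0
  a = DeviceSession.new(t0)
  b = DeviceSession.new(t0)
  (1..4).each do |i| # A makes a request every 5 minutes for 20 minutes
    now = t0 + i * 300
    user.last_request_at = now # shared column is touched by A's requests
    a.request!(now)
  end
  later = t0 + 1260 # B's first request after 21 idle minutes
  { shared_b_alive: user.logged_in?(later), # B rides on A's activity
    session_a_alive: a.request!(later),
    session_b_alive: b.request!(later) }
end

p simulate if __FILE__ == $PROGRAM_NAME
```

In a database-backed session store, the per-session timestamp would live on the session row rather than on the user row, and a refused request would also destroy that row.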
