Reputation: 281
basic http authentication - duration of the session
I have configured basic authentication (in controller)
above everything in controller file:
before_filter :check_logged_in, :only => [:edit, :update, :destroy]
On the bottom of the file:
private
def check_logged_in
authenticate_or_request_with_http_basic("Ads") do |username, password|
username == "admin" && password == "apple"
end
end
It works like a charm, but there is one thing I don;t understand - when I provide username and password it stays logged in for a long period of time and when I click on 'delete' or 'update' for specific entries I'm not getting prompted again. I thought something went wrong, but when I opened another browser - it prompted me again, but only once, I didn;t have to authenticate for the rest. Then I thought it was a cookie issue, but nothing changed even though I deleted all the cookies in Chrome. So I got a couple of questions:
- Is there any way to say for how long I'm going to be authenticated?
- Is there any way to be prompted for authentication everytime I click on the resource mentioned here -
:check_logged_in, :only => [:edit, :update, :destroy]?
Upvotes: 4
Views: 3798
Answers (1)
Reputation: 141
HTTP basic authentication doesn´t use cookies. The login information is sent with every HTTP request to the specified web server. You are logged in until you close your web browser or delete all active logins.
Upvotes: 12
Related Questions
- Does Rails provide default session time-out duration? If yes, where is it specified?
- Rails: get session timeout
- rails authenticate_or_request_with_http_basic
- auto-session-timeout - Ruby on Rails
- How to set timeout for rails HTTP authentication?
- Rails 3 - Authlogic and expiration time on AJAX page
- Ruby on rails - Authlogic : periodically check if user session is valid
- Ruby on Rails HTTP Basic Authentication
- rails http basic authentication
- Rails 2.x http basic authentication