I would like to implement a Rails session timeout and redirect to the sign-in page after the session expires.

This is my application controller, and it does not seem to be working.

```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_filter :session_expires, :only => [:login]

  def session_expires
    a = session[:expires_at]
    b = Time.now
    minutes = (a - b)/1.minute
    if b > a
      reset_session
      flash[:error] = 'Session Expire !'
      render "sessions/new"
    end
  end
end
```

I am not sure whether I need to use jQuery or Ajax to make it work. Can anyone give me some ideas or a good tutorial I can follow? Thanks a million.

3 Answers

0

You want to run the before_filter on every request, not just login.

Replace before_filter :session_expires, :only => [:login] with before_filter :session_expires.

Intelekshual
  • No, actually, I want to run this session execution before login only. What I want to do is, after the user logs in, assign my session expiry time (like 1.minute from now), and then after that one minute the page should automatically log out and redirect to the login page. Any help, please? –  Jun 18 '13 at 16:02
  • This answer is all right; if you don't understand it, you should probably take a look at the Rails Guides http://guides.rubyonrails.org/getting_started.html – Mike Szyndel Jun 18 '13 at 18:34
0

I suggest you take a look at this guide on why you shouldn't do authentication on your own:

The definitive guide to form-based website authentication

There's an excellent solution for Ruby/Rails available - Devise gem https://github.com/plataformatec/devise

If you need to authenticate against some external API, take a look here:
https://github.com/plataformatec/devise/wiki/How-To:-Authenticate-via-LDAP
http://4trabes.com/2012/10/31/remote-authentication-with-devise/

Mike Szyndel
  • Thank you for your reply. My problem is that I cannot use a gem like Devise, because all the data for my application comes from a database API, so I don't need to create an ActiveRecord model. That's why I did all the authentication from scratch. –  Jun 19 '13 at 02:44
0

I got the following simple solution.

I added one simple method in application.rb. It worked well.

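```ruby
class ApplicationController < ActionController::Base
  # Runs on every request, before any filter declared in a subclass.
  before_filter :session_expires

  MAX_SESSION_TIME = 60 * 60 # seconds (one hour)

  helper_method :current_user?

  protected

  # True when a user id is stored in the session.
  def current_user?
    !session[:user_id].nil?
  end

  # Use as a before_filter on actions that require a logged-in user.
  def authorize
    unless current_user?
      flash[:error] = "Please Login to access this page !"
      redirect_to root_url
      false
    end
  end

  # Idle timeout: clear the session if the stored expiry has passed,
  # then push the expiry MAX_SESSION_TIME seconds into the future.
  def session_expires
    if !session[:expire_at].nil? and session[:expire_at] < Time.now
      reset_session
    end
    session[:expire_at] = MAX_SESSION_TIME.seconds.from_now
    return true
  end

  protect_from_forgery
end
```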
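
The answer above refreshes the expiry on every request, which gives an idle timeout only. The following added example (not part of any answer on this page; the class name, session keys and limits are hypothetical) does the same check as a framework-free Ruby class and adds an absolute limit since login, so a session that stays busy still ends.

```ruby
# Added example; class name, session keys and limits are hypothetical.
# Timestamps are integer epoch seconds, because a Time object may not
# round-trip through a JSON session serializer.
class SessionTimeout
  IDLE_LIMIT     = 15 * 60      # assumed: max seconds between requests
  ABSOLUTE_LIMIT = 8 * 60 * 60  # assumed: max seconds since login

  # Call at login, right after reset_session, to start both clocks.
  def self.start(session, now = Time.now)
    session[:logged_in_at] = now.to_i
    session[:last_seen_at] = now.to_i
    session
  end

  # Returns :active, :idle_expired, :absolute_expired or :missing.
  # Only :active refreshes the idle clock. On an *_expired result the
  # caller (a before_filter) should reset_session and redirect to the
  # sign-in page; :missing means nobody is logged in.
  def self.check(session, now = Time.now)
    started = session[:logged_in_at]
    seen    = session[:last_seen_at]
    return :missing unless started.is_a?(Integer) && seen.is_a?(Integer)

    t = now.to_i
    return :absolute_expired if t - started >= ABSOLUTE_LIMIT
    return :idle_expired     if t - seen >= IDLE_LIMIT

    session[:last_seen_at] = t
    :active
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a plain Hash stands in for the Rails session.
  login = Time.at(1_000_000)
  s = SessionTimeout.start({}, login)
  p SessionTimeout.check(s, login + 5 * 60)    # request after 5 minutes
  p SessionTimeout.check(s, login + 30 * 60)   # next request 25 minutes later
end
```

With a cookie-based session store the timestamps live in the signed cookie itself, so `reset_session` does not revoke an older copy of the cookie; that copy stays usable until its own embedded limits pass.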