session_lifetime plugin October 30th, 2008
One of the things I take for granted on the internet is session expiry. I’m used to the fact that if I’m not active for a certain amount of time, I automatically get logged out. This happens with my Online Banking, with ordering tickets online, …. Most information-critical applications have this.
Because of that, I was surprised that Rails doesn’t have this functionality on board. There is no way to set an expiry date on your session. I googled a bit and stumbled upon the dynamic session exp plugin. This gives you the possibility to expire your session through the cookie’s expires-flag.
# in environment.rb CGI::Session.expire_after 1.day
This plugin worked fine until I wanted to send a message to the webuser, informing him why this happened. Because we’re working with the expire-setting in a cookie, this isn’t possible. Because of that, I wrote my own plugin that gave me that possibility.
With session_lifetime you can set after how much time of inactivity your session should expire, you can execute an action when the session expires, and you can set where to
redirect_to after session expiry.
class ApplicationController << ActionController::Base expires_session :time => 2.hours, :redirect_to => '/login' protected def on_expiry flash[:notice] = "Your session has been expired, and you have been logged out." end end
More information can be found on github.
I wrote this plugin to solve the problems I had with default Rails session handling. If you have an additional need which you think would be great for this plugin, give me a shout at firstname.lastname@example.org, or through GitHub, and I’ll be more then happy to implement your proposal.l