Cleanup at session expiration

I’m going to explicitly time out sessions if they’re idle more than X
minutes. Like online banking sites do.

How do I set things up so that, when a session expires, a set of
database records and a set of files that may have been created (which
are identified via a seperate set of database records) are deleted just
before the session data?

TIA,
Bill

----- Original Message -----
“Bill W.” [email protected] writes:

I’m going to explicitly time out sessions if they’re idle more than X minutes.
Like online banking sites do.

How do I set things up so that, when a session expires, a set of database
records and a set of files that may have been created (which are identified
via a seperate set of database records) are deleted just before the session data?

Assuming you are using ‘reset_session’ to clean up, why not over-ride
the method
in your Controller like

def reset_session
do_my_clean_up
super
end

Long

Bill W. wrote:

I’m going to explicitly time out sessions if they’re idle more than X
minutes. Like online banking sites do.

How do I set things up so that, when a session expires, a set of
database records and a set of files that may have been created (which
are identified via a seperate set of database records) are deleted just
before the session data?

You don’t give any indication how you plan to call the session
expiration routine, so I’m not sure whether my session_cleanup routine
is something you can use. But you might be able to get some ideas from
it:

http://alevans.com/dl/session_cleanup-0.3.0.tgz

–Al Evans

Hi Long,

Long wrote:

Assuming you are using ‘reset_session’ to clean up,
why not over-ride the method in your Controller like

def reset_session
do_my_clean_up
super
end

I am using reset_session as the last action of the manual cleanup (which
is
what I need to automate). Is that what RoR uses? So if I just set an
expiration time on the session, and have the over-ridden ‘reset_session’
action in my Controller, RoR will call that action? It hadn’t occurred
to
me to just over-ride the method. That’s sooooo cool. Rails ROCKS!
Thanks!

Bill

Hi Long,

Long wrote:

the method over-ride concept is really
fundamental to OO.

I understand how over-ride works for methods I explicitly call. But
that
isn’t the case here. The use case starts with an abandoned session. I
found documentation on how to set the expiration time, how to reset it
so
the session stays alive, etc. But I couldn’t find any documentation or
examples on how the expiration process works (i.e., this call, then
that,
etc.) or of how to hook into it. Do I need to put the over-ridden
definition in application.rb? Or will RoR somehow find it whichever
Controller it’s in? Can you point me to any documentation on how this
works? Does Rails keep a list somewhere of all the methods an
application
over-rides?

Thanks,
Bill

Bill W. wrote:

The use case starts with an abandoned session. I
found documentation on how to set the expiration time, how to reset it
so
the session stays alive, etc. But I couldn’t find any documentation or
examples on how the expiration process works (i.e., this call, then
that,
etc.) or of how to hook into it.

The general answer is that there isn’t any expiration process unless you
make one. You have expired the session, so that it won’t be active next
time somebody wanders into the internet cafe and goes to your site. But
the session itself is still there, unless you remove it. When the next
user comes along, your app doesn’t know anything at all about that
expired session.

If you just want to delete old sessions, you can use a cron job. If you
need to clean up after them, though, you’ll need something like the
script I mentioned above. Unless your user explicitly logs out (giving
you to opportunity to do whatever you need to do, then reset_session),
your Rails app won’t ever see that old session again until you go
looking for it.

–Al Evans

super
end

I am using reset_session as the last action of the manual cleanup (which is
what I need to automate). Is that what RoR uses? So if I just set an
expiration time on the session, and have the over-ridden ‘reset_session’
action in my Controller, RoR will call that action? It hadn’t occurred to
me to just over-ride the method. That’s sooooo cool. Rails ROCKS! Thanks!

Hey Bill,

Yes I think that will work. Rails ROCKS for sure but the method
over-ride
concept is really fundamental to OO.

Cheers,

Long

etc.) or of how to hook into it. Do I need to put the over-ridden
definition in application.rb? Or will RoR somehow find it whichever
Controller it’s in? Can you point me to any documentation on how this
works? Does Rails keep a list somewhere of all the methods an application
over-rides?

I will just put my 2cents in with Al’s post.

Without over-riding ‘reset_session’, one can call it from any controller
that
is a subclass of ApplicationController (AC). If ALL subclasses of AC
requires
the manual clean up then the answer is “Yes, over-ride in AC”.

In a previous technology I was accustomed to relying on a “Session
Manager”
that runs in a background process and zaps all expired sessions
automatically.
It seems we need to manage sessions differently in RoR. Once a session
is idle for
an extended period (either abandoned or due to a long coffee break), the
only
way (well in most cases) it gets more activity is through access from
the
originating browser.

So it makes sense to me to invalidate the session when the client tries
to
reconnect and force him/her to a new session, if the current session is
deem expired. For the “truly” abandoned sessions a cron job will have to
do.

Long