Deleting Sessions with no logout


#1

Hi all,

I have an app that has an admin side and a user side. The users logging
into the admin side can view and edit profile, if need be, on the user
side. However, the user has three types: admin, travel manager, and
traveler. An admin logs in, the admin session is set. If the admin looks
at a user “Traveler” profile the traveler session gets set.

What I have noticed is that the admin instead of logging it, like they
should be, simply click the ‘X’. Under certain conditions, I have
started to notice that this is causing some unwanted behavior and have
come to the conclusion that I need to make sure that the session
variables for both a traveler and a travel manager get set to nil when
the admin logs out of that profile or 'X’s out.

My question is, how the heck do you do this? I could use JavaScript but
then how would I call the controller method? I have read that there is an
onClose event in JavaScript but it’s not supported in all browsers. Is
there a Rails way to do this? Thanks,

-S


#2

I tried this:

In View:

<% func = remote_function( :url => { :action => 'set_sessions_nil' } ) -%>

"> .....

In Controller:

def set_sessions_nil
  # Clear the traveler and travel manager ids; session[:admin] is left alone.
  session[:user] = nil
  session[:arranger] = nil
end

Pretty straightforward, but after I open and close a few windows my
server running the localhost dies - it just sits there and does nothing,
so don’t try that at home.

-S


#3

I think you may find there is no reliable way of achieving this, there was a
significant thread on this issue a little while ago.
What is the unwanted behaviour that you are seeing? Perhaps there is a
better solution.
Colin

2009/5/11 Shandy N. removed_email_address@domain.invalid


#4

Colin L. wrote:

I think you may find there is no reliable way of achieving this, there was a
significant thread on this issue a little while ago.
What is the unwanted behaviour that you are seeing? Perhaps there is a
better solution.
Colin

2009/5/11 Shandy N. removed_email_address@domain.invalid

It has to do with the sessions which are holding id for the current
users logged in. At most, there may be three session variables set - the
two above and another called session[:admin]. An admin can move from
profile to profile making modifications, but what I think is happening
is that the admin are not “logging” like they should and are instead
simply "X"ing out. This means that those sessions may be used to set up
unwanted objects and show links, and other various forms of undesired
information.
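
Since the thread notes that a window close cannot be detected reliably, a server-side idle check can drop the profile keys instead. This is an added example, not code from the thread: `:user`, `:arranger` and `:admin` are the thread's session keys, while the ten-minute limit, the `:profile_seen_at` key and the function names are assumptions.

```ruby
# Added example. The session is modelled as a plain Hash so it runs without
# Rails; in the app this logic would sit in a filter that runs before each action.
PROFILE_KEYS = [:user, :arranger].freeze  # session keys named in the thread
SEEN_AT      = :profile_seen_at           # hypothetical bookkeeping key
PROFILE_TTL  = 10 * 60                    # assumed idle limit, in seconds

# Admin opens a traveler or travel manager profile.
def open_profile(session, key, id, now)
  raise ArgumentError, "unknown key #{key.inspect}" unless PROFILE_KEYS.include?(key)
  raise "admin session required" unless session[:admin]
  session[key] = id
  session[SEEN_AT] = now.to_i
  session
end

# Explicit "log out of profile": same cleanup the idle check performs.
def clear_profiles(session)
  (PROFILE_KEYS + [SEEN_AT]).each { |k| session.delete(k) }
  session
end

# Run on every request. profile_request is true only for user-side pages, so
# admin-side clicks do not keep a closed profile window alive.
# Returns :none, :active or :expired.
def check_profile_session(session, profile_request, now)
  return :none unless PROFILE_KEYS.any? { |k| session[k] }
  seen = session[SEEN_AT]
  if seen.nil? || now.to_i - seen > PROFILE_TTL
    clear_profiles(session)
    return :expired
  end
  session[SEEN_AT] = now.to_i if profile_request
  :active
end

# Constructed timeline: admin 7 opens traveler 42, works in it for five
# minutes, closes the window with 'X', then keeps using the admin side.
def demo
  t0 = Time.at(1_000_000)
  s = open_profile({ :admin => 7 }, :user, 42, t0)
  steps = [[300, true], [600, false], [1000, false]].map do |offset, on_profile|
    check_profile_session(s, on_profile, t0 + offset)
  end
  [steps, s]
end

p demo if __FILE__ == $0
```

The admin id survives the expiry; only the profile ids and the timestamp are removed, and a profile key with no timestamp is treated as stale.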


#5

Colin L. wrote:

2009/5/12 Shandy N. removed_email_address@domain.invalid

It has to do with the sessions which are holding id for the current
users logged in. At most, there may be three session variables set - the
two above and another called session[:admin]. An admin can move from
profile to profile making modifications, but what I think is happening
is that the admin are not “logging” like they should and are instead
simply "X"ing out. This means that those sessions may be used to set up
unwanted objects and show links, and other various forms of undesired
information.

Do you mean another user is coming along to the pc that had the admin user
logged in and using it as admin? Or that someone is picking up the admin
role on another PC when they should not? Or something else?

No, an admin logs in and they can view and edit other profiles (not
other admin profiles), all from the same PC.


#6

2009/5/12 Shandy N. removed_email_address@domain.invalid

It has to do with the sessions which are holding id for the current
users logged in. At most, there may be three session variables set - the
two above and another called session[:admin]. An admin can move from
profile to profile making modifications, but what I think is happening
is that the admin are not “logging” like they should and are instead
simply "X"ing out. This means that those sessions may be used to set up
unwanted objects and show links, and other various forms of undesired
information.

Do you mean another user is coming along to the pc that had the admin user
logged in and using it as admin? Or that someone is picking up the admin
role on another PC when they should not? Or something else?


#7

I still do not understand the problem you are seeing.
Colin

2009/5/13 Shandy N. removed_email_address@domain.invalid