Exception to session timeouts?

Hi,

I am using the session timeout plugin to expire the sessions after a
certain period of time. But the problem is that for that I have to give
the expiry time and the action to perform on expiry in application
controller. Now, I have certain actions in some controllers which don’t
use sessions and hence should work evem if the session is expired. Also,
I tried putting the session timeout code before the filters in the other
controllers but as I have a before_filter to check for authorization,
hence I get an error saying that I can’t specify two redirects or
renders.

class CminfoController < ApplicationController
session_times_out_in 15.minute, :after_timeout=>:timeout_redirect

before_filter :login_required

Above code causes :

ActionController::DoubleRenderError in CminfoController#storelist

Render and/or redirect were called multiple times in this action. Please
note that you may only call render OR redirect, and only once per
action. Also note that neither redirect nor render terminate execution
of the action, so if you want to exit an action after redirecting, you
need to do something like “redirect_to(…) and return”. Finally, note
that to cause a before filter to halt execution of the rest of the
filter chain, the filter must return false, explicitly, so “render(…)
and return false”.

But if I move the session timeout to application.rb, then what do I
specify in xyz controller that makes its actions work even if the
session has expired?

Thanks for any help.

Hi, if your session information is tied to your authentication, then it
would only affect the actions that require authentication. Thus, you’ll
need to change the following line because it requires authentication for
all
your public actions in the controller in question:

before_filter :login_required

to something similar to the following:

before_filter :login_required, :except => [:, :, … ]

Now, you’re authenticating for all actions except , ,

Good luck,

-Conrad

Actually, I am using the sessions to store my menus also which are
loaded from database. Hence, some general area of the site does no
require login data from session. But sessions are needed in controllers
where login is not needed to display menu.In those controllers timeout
should not happen.

So, now what should I do?

Conrad T. wrote:

Hi, if your session information is tied to your authentication, then it
would only affect the actions that require authentication. Thus, you’ll
need to change the following line because it requires authentication for
all
your public actions in the controller in question:

before_filter :login_required

to something similar to the following:

before_filter :login_required, :except => [:, :, … ]

Now, you’re authenticating for all actions except , ,

Good luck,

-Conrad