Actually I want to reset_session of a particular user to make sure he is
logged out on any other system he used before before logging on current
one.
Vapor … wrote:
Actually I want to reset_session of a particular user to make sure he is
logged out on any other system he used before before logging on current
one.
So what is your question? Why not just use reset_session?
jp
I am accomplishing this by storing the session_id in the user model.
When a user logs in I update the user model with the current
session_id. Then I have a before filter in the application.rb that
checks that the session_id stored in the user model matches the
current session_id. If it does not, the user gets logged out and a
friendly error message telling them they logged in somewhere else.
The current session id can be accessed with session.session_id
On Nov 5, 2:38 pm, “Vapor …” [email protected]
Using reset_session will only reset the session for the current client
computer.
On Nov 5, 2:38 pm, “Vapor …” [email protected]
You can either reset_session the moment someone reaches your login
page or just after defining your login method reset the session but
this will also clear any session which you might want to have before a
user logs in ie the url user tried to access.
On Nov 5, 7:38 pm, “Vapor …” [email protected]
Jeff P. wrote:
So what is your question? Why not just use reset_session?
jp
the problem is that user can access website from many workstations. I
want to make sure that before user logs in, his previous session on any
workstation expires (like facebook).
if I write reset_session in login part of controller before
User.authenticate, would it work? I am not quite sure because user has
not logged in yet and there is no mentioning of which user it is going
to reset session of.