I just noticed a kinda weird thing: if users log in with the ‘Remember
Me’ option enabled, their records in the db get updated everytime the
user reloads a page, because apparently restful_authentication’s code
updates the remember_token_expires_at & remember_token attributes for
each page load (not only once on the actual login (from cookie).
Wouldn’t it make much more sense to set this remember_token_expires_at
and the corresponding token once only and that’s it? Or am I missing
something?
Just wanna make sure the db doesn’t get hit (writing-wise) over and
over again during a users’ browsing session on the site.
Say that a user spends 2 hours on one website doing stuff, and their
remember token is saved only when they log in. After 2 hours they’re
going
to be doing something extremely critical (as all people who surf
websites
for 2 hours straight obviously do) and then their next action there not
going to be logged in!
well the default remember_me timeout is set to two weeks, so that
shouldn’t happen & a user typically doesn’t idle on a website with his/
her browser open for 2 weeks … well at least I hope so
I do understand the basic idea behind it, but just wondering whether
it is really necessary this way…
-J
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
