Server-side session management for short session expirations

I need to effectively log a user out if their session is inactive for
more than a short period of time, like 5 minutes. I need some help
understanding how to approach session expiration and cleanup in Rails.

When the user explicitly logs out of my app, I delete all the data
they’ve entered/that’s been created during their session. The data
includes files, database records, and then their session data. The
controller code that gets executed when they log out is:

def cleanup
emrec = find_emrec
files = Tempfilerec.find(:all,
:conditions => [“emrec_id = ?”,])
files.each {|file|
#FileUtils.rm “#{RAILS_ROOT}/public/#{file.filename}” for
FileUtils.rm “public/#{file.filename}”

I need to execute the same functionality when their session times out
and I’m having a real problem understanding how to go about it.

If I understand what I’ve read, the :session_expires option, which I’d
hoped to use to control their timeout, works with cookie-based,
client-side session management, not server-side. Is that right? Is
there a way to do server-side session mgmt. in a case like this?


You could look at DRB… this has its own expiry mechanism built into

How many hits are you expecting? more than 10K?


Hi Tim,

Tim P. wrote:

You could look at DRB… this has its own
expiry mechanism built into it.

Based on what I’m understanding at this point (which I may be getting
wrong), my problem is not really how to expire / remove the session and
data stored in it.

My problem is how to delete the files and database records that are
referenced by items in the session store.

I 'm expecting a small (i.e., < 100) number of concurrent sessions.
on what I’ve read, the default Pstore mechanism should handle this just
fine. I guess I can use a filter to update the file whenever there’s
activity. If I sweep the store periodically I can delete the session
older than my timeout setting. What I can’t get my arms around is…

How do I get at the data in the session store so I can do the database
file cleanup? Rails knows how to unmarshal it. But can I do that from
Ruby script? And, assuming I can do that, the database has several
that are tied through belongs_to::has_many relationships. The emrec
contains all the has_many relationships, all of which have :dependent =>
:delete_all clauses. So, as in the code I posted originally, I get rid
all the database records with a single ‘emrec.destroy.’ But Rails has
knowledge of the model to allow that. Can I do that from a Ruby script?

Thanks for any thoughts!