SessionTimeout plugin - anybody gotten it to work?

I’ve just found Luke R.'s SessionTimeout plugin. From the writeup,
it looks like it will do exactly what I need. Unfortunately, from my
experience so far, it looks like it doesn’t do a dang thing!!! :wink: I’m
sure it’s an operator-error problem. Any help would really be
appreciated.

I made a real simple sandbox app to test it out. The controller looks
like this.

class CreateController < ApplicationController
session_times_out_in 5.seconds, :after_timeout => :goodbye

def index
end

def goodbye
redirect_to :controller => ‘create’, :action => ‘goodbye’
end

end

The index and goodbye views are just simple text letting me know where I
am. I’m using an AR session store and can see the updated_at field
being set correctly. It’s just that nothing happens in the app after
5.seconds.

Anybody got any ideas?

Thanks,
Bill

Bill,

I wonder if you refreshed the page after the 5.seconds is up. I think
the refresh
may trigger the timeout code but I haven’t worked with this plugin.

It seems your test code has a cyclic redirect (:goodbye => :goodbye).
You may see
an ‘interesting’ effect if the plugin does work.

Cheers,

Long

Bill W. wrote:

I’ve just found Luke R.'s SessionTimeout plugin. From the writeup,
it looks like it will do
exactly what I need. Unfortunately, from my experience so far, it looks
like it doesn’t do a dang
thing!!! :wink: I’m sure it’s an operator-error problem. Any help would
really be appreciated.

I made a real simple sandbox app to test it out. The controller looks
like this.

class CreateController < ApplicationController
session_times_out_in 5.seconds, :after_timeout => :goodbye

def index
end

def goodbye
redirect_to :controller => ‘create’, :action => ‘goodbye’
end

end

The index and goodbye views are just simple text letting me know where I
am. I’m using an AR
session store and can see the updated_at field being set correctly.
It’s just that nothing happens
in the app after 5.seconds.

Long wrote:

I wonder if you refreshed the page after the 5.seconds is up.
I think the refresh may trigger the timeout code but I haven’t
worked with this plugin.

Yep. I tried that. The page refreshes and the created_at field in the
AR
session record gets updated. It doesn’t trigger the “after_timeout”
method

It seems your test code has a cyclic redirect (:goodbye =>
:goodbye). You may see an ‘interesting’ effect if the plugin
does work.

Oops :-p I’d tried putting the session_times_out_in function and the
goodbye method in application.rb and then calling the goodbye method in
the
‘create’ controller to render the ‘goodbye’ view. It didn’t work there
either.

Thanks for your reply though!
Bill

Doesn’t the session get updated before the controller is invoked?
Would that not reset the updated time for the session?

Hi Long,

Long wrote:

Where can I find this plugin and documentation?
I’d be interested in helping make it work.

I’ve got a feeling it’s already working and that my problem is my
problem
;- )

The plugin (or at least what I’m using) is at:

http://opensource.agileevolved.com/trac/browser/rails_plugins/session_timeout/trunk

The home page is:

http://opensource.agileevolved.com/trac/wiki/SessionTimeout

Any help is much appreciated!

Best regards,
Bill

Bill W. wrote:

It seems your test code has a cyclic redirect (:goodbye =>
:goodbye). You may see an ‘interesting’ effect if the plugin
does work.

Oops :-p I’d tried putting the session_times_out_in function and the
goodbye method in application.rb and then calling the goodbye method in the
‘create’ controller to render the ‘goodbye’ view. It didn’t work there
either.

Where can I find this plugin and documentation? I’d be interested in
helping
make it work.

Long

Hi Erik,

Erik wrote:

Doesn’t the session get updated before the controller
is invoked? Would that not reset the updated time for
the session?

Based on what I’m seeing, at least in an AR session, the created_at
field
only get’s updated whenever there’s explicit user action like a refresh
or
clicking a link on a page. That does make some sense to me given what
(little) I know about the Rails architecture.

Thanks,
Bill

Bill W. wrote:

The plugin (or at least what I’m using) is at:

http://opensource.agileevolved.com/trac/browser/rails_plugins/session_timeout/trunk

The home page is:

http://opensource.agileevolved.com/trac/wiki/SessionTimeout

Thanks for the links. I’ve gone over the logistics of the
session_timeout.rb module and
didn’t see anything obvious. Your code should have worked (to the point
of cyclic redirects).

I decided to grab the plugin and run my own tests. You’re right, the
plugin is working, at least
for FileStore sessions. I don’t use AR session store, yet.

Here is my code:

session_times_out_in 5, :after_timeout => :goodbye, :except => :goodbye

def index
end

def goodbye
logger.info “>>>> Running :goodbye”
redirect_to ‘/’
end

Another place to look is …/log/development.log and look for the
logger.info entries.
The :except option seems to be undocumented. It will prevent the filter
from running
when :goodbye is called in the callback.

Well that is all I have. I doubt AR session store would be any different
but I
could be wrong. One silly thing to watch for is the correct spelling of
:after_timeout.
It got me and I was seeing the effect you described.

Good luck,

Long

Long wrote:

I was looking for a zip file to install but didn’t see one

A zip would definitely have been nice. Or a URL that would let me use
script install. No luck there either.

so I grabbed the lib/session_timeout.rb and the
init.rb files and installed manually.

ruby script/generate plugin session_timeout

then I overwrite the files with the downloaded ones.

Thank you very much. This approach did not occur to me. I thought I
was
going to end up dead in the water.

If you are looking to expire a session automatically
(on its own) then this plugin will not do it. In fact Rails
is not designed to behave like that.

Yep. That’s what I’m looking for. I was hoping maybe Luke had
corrected
that design ‘flaw’ :wink: Seriously… the app I’m working on has a
requirement that’s not just unusual for Rails, I think it’s a bit
unusual
period. Visitors enter information into the app which takes it and
creates
a file in a standardized xml format. They save the file to their local
PC.
When they logout of the app all the information they’ve entered must be
removed from the app’s database and from the file system. On top of
that,
the app has a session timeout mechanism that resets every time the
visitor
interacts with the app; like online banking apps.

The best we can do with Rails here is to have an
external background process that run periodically
and delete sessions that have ‘expired’, base on the
updated_at timestamp.

My impression is that Luke’s SessionTimeout plugin improves the
situation
somewhat. At least it looks like it’ll make it easy to satisfy the
‘keep-alive’ requirement. I’m planning to use Ezra’s backgroundrb
plugin
for the external process since, as I understand it, its workers have
access
to the app models. It seems to me that having access to those will make
the
cleanup a lot easier.

If you’ve got any interest in pushing the envelope in Rails session
management, let me know. This definitely does.

Thanks again for your help!

Best regards,
Bill

Bill W. wrote:

start over (I’m using Instant Rails, so it’s easy).

I was looking for a zip file to install but didn’t see one so I grabbed
the
lib/session_timeout.rb and the init.rb files and installed manually.

ruby script/generate plugin session_timeout

then I overwrite the files with the downloaded ones.

I decided to grab the plugin and run my own tests.
You’re right, the plugin is working, at least for
FileStore sessions.

Could you say more about how it’s ‘working’?

Specifically, does it do the redirect to :goodbye ‘on its own’ after the
time has run? Or does it only do it if the user requests a page after the
time has run?

I wonder if I misunderstood your original question. It is working in the
way
that when the user refreshes after the time has run out the :goodbye
method
gets invoked. In my test code the browser was redirected to /.

If you are looking to expire a session automatically (on its own) then
this
plugin will not do it. In fact Rails is not designed to behave like
that. There is
no Container (like Java) that will do session management for you. The
best we can
do with Rails here is to have an external background process that run
periodically and
delete sessions that have ‘expired’, base on the updated_at timestamp.

I don’t use AR session store, yet.

The switch to AR is unbelievably painless. All it takes is uncommenting one
line in config\environment.rb and putting a session table in your SQL script
or migration. My SQL script for this test is:

I just haven’t had the requirement to use it, but the information you
provide will
prove useful. Thanks.

Long

Hi Long,

Thanks much for the reply, and for checking out the plugin. I
appreciate
it. More below.

Long wrote:

Thanks for the links. I’ve gone over the logistics
of the session_timeout.rb module and didn’t see
anything obvious. Your code should have worked
(to the point of cyclic redirects).

Thanks for letting me know. I had some ‘problems’ getting the plugin
installed so I think I’m going to just delete the whole Rails install
and
start over (I’m using Instant Rails, so it’s easy).

I decided to grab the plugin and run my own tests.
You’re right, the plugin is working, at least for
FileStore sessions.

Could you say more about how it’s ‘working’?

Specifically, does it do the redirect to :goodbye ‘on its own’ after the
time has run? Or does it only do it if the user requests a page after
the
time has run?

I don’t use AR session store, yet.

The switch to AR is unbelievably painless. All it takes is uncommenting
one
line in config\environment.rb and putting a session table in your SQL
script
or migration. My SQL script for this test is:

drop table if exists sessions;
create table sessions (
id int not null auto_increment,
sessid varchar(255),
data text,
updated_at datetime default NULL,
primary key(id),
index session_index (sessid)
) engine=InnoDB;

If you find out anything, I’d really appreciate it if you’d pass it
along.

Thanks,
Bill

hola amigo tu tienes el plugins para session timeout?
si es asi me lo podrias facilitar?

Bill W. wrote:

‘keep-alive’ requirement. I’m planning to use Ezra’s backgroundrb plugin
for the external process since, as I understand it, its workers have access
to the app models. It seems to me that having access to those will make the
cleanup a lot easier.

By default Rails does not expire sessions so ‘keep alive’ is not really
a problem.
You can have a user log in for as long as the browser will keep the
cookie.

Rolling your own external process is not that difficult either. Have a
look in
the …/script directory for examples. It shows you how to hook in to the
AR
models for use outside of Rails.

If you’ve got any interest in pushing the envelope in Rails session
management, let me know. This definitely does.

Well I have written my own plugin for this in my projects, albeit not as
elegant
as the one by Luke at Agile Evolved, but it does the job. I was able to
make mine
a bit more useful borrowing some ideas from his plugin. I plan to
release my
plugin but just haven’t got around to documenting it (on todo list). I
hope to
find some time and do this soon.

In terms of pushing the envelope, I think if there is a will there is a
way. It
might be possible to clean up dropped sessions in an automated way. This
sounds like a worthwhile project to get on.

Cheers,

Long

On Mar 24, 2008, at 8:27 AM, Jhon K. wrote:

hola amigo tu tienes el plugins para session timeout?
si es asi me lo podrias facilitar?

Does anyone know where it (Luke R.'s SessionTimeout) can be
downloaded? The commonly published link is defunct, and I can’t find
alternatives.

– gw

On Tuesday 13 May 2008, Greg W. wrote:

On Mar 24, 2008, at 8:27 AM, Jhon K. wrote:

hola amigo tu tienes el plugins para session timeout?
si es asi me lo podrias facilitar?

Does anyone know where it (Luke R.'s SessionTimeout) can be
downloaded? The commonly published link is defunct, and I can’t find
alternatives.

Here’s an alternative

http://www.elctech.com/2007/10/29/sliding-session-timeout

HTH,
Michael


Michael S.
mailto:[email protected]
http://www.schuerig.de/michael/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs