I’ve successfully implemented SessionTimeout. It works great.
On a given request, assuming that the session has timed out, what I’d
like to do is have my session timeout handler be smart enough to
determine which actions in my app. actually require session data in
order to function correctly vs. actions which don’t require session
Then the handler can redirect to the original requested action IF it
DOESN’T require the use of session data. IF the original requested
action DOES require the use of pre-existing session data, then the
handler would redirect to some predefined “restarting” action.
Obviously, I know my app. and I can specify which actions are in which
camp via hard coding etc. Not a problem. However, it would be nice to
be able to determine this in some more generic way. The most generic
rule for figuring out the disposition of a given action would seem to
IF the contents of an action contain any assignment statement (or return
value) that includes a reference to a session hash member (e.g. x =
session[:blah]), then this action requires pre-existing session data and
cannot be safely redirected to after a session timeout. Otherwise, (no
assignment or return statements that reference a session hash member),
the action is safe to be redirected to after a session timeout.
Can anyone think of a clever way to encapsulate a generic test for this?
If a fully generic test can’t be created, one way to handle this could
be to maintain lists of “safe-to-redirect-to” vs.
“unsafe-to-redirect-to” methods in each controller and then just
interrogate the controllers to figure it out in the session timeout