Hi, I am using the session timeout plugin to expire the sessions after a certain period of time. But the problem is that for that I have to give the expiry time and the action to perform on expiry in application controller. Now, I have certain actions in some controllers which don't use sessions and hence should work evem if the session is expired. Also, I tried putting the session timeout code before the filters in the other controllers but as I have a before_filter to check for authorization, hence I get an error saying that I can't specify two redirects or renders. class CminfoController < ApplicationController session_times_out_in 15.minute, :after_timeout=>:timeout_redirect before_filter :login_required Above code causes : ActionController::DoubleRenderError in CminfoController#storelist Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and only once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return". Finally, note that to cause a before filter to halt execution of the rest of the filter chain, the filter must return false, explicitly, so "render(...) and return false". But if I move the session timeout to application.rb, then what do I specify in xyz controller that makes its actions work even if the session has expired? Thanks for any help.
on 2007-05-24 07:57
on 2007-05-24 17:36
Hi, if your session information is tied to your authentication, then it would only affect the actions that require authentication. Thus, you'll need to change the following line because it requires authentication for all your public actions in the controller in question: before_filter :login_required to something similar to the following: before_filter :login_required, :except => [:<action1>, :<action2>, ... ] Now, you're authenticating for all actions except <action1>, <action2>, ... Good luck, -Conrad
on 2007-05-24 18:09
Actually, I am using the sessions to store my menus also which are loaded from database. Hence, some general area of the site does no require login data from session. But sessions are needed in controllers where login is not needed to display menu.In those controllers timeout should not happen. So, now what should I do? Conrad Taylor wrote: > Hi, if your session information is tied to your authentication, then it > would only affect the actions that require authentication. Thus, you'll > need to change the following line because it requires authentication for > all > your public actions in the controller in question: > > before_filter :login_required > > to something similar to the following: > > before_filter :login_required, :except => [:<action1>, :<action2>, ... ] > > Now, you're authenticating for all actions except <action1>, <action2>, > ... > > Good luck, > > -Conrad