Forum: Ruby on Rails Setting session to nil when window is closed

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2008-10-29 21:22
I have this app at work that has Administrators and Users as two types
of users. I know who is a of what type by setting session variables:
session[:admin] and session[:user] holding the id's. The administrators
can go to any of the user pages as needed. When that happens the two
session variables - :admin and :user - get set. The issue is that
sometimes the admins dont "logout" of those user pages and the :user
session remain set - they simply close the form. Is there a way to set
those sessions to nil whenever that window is closed if they dont
logout? Thanks,

-S
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2008-10-29 22:08
(Received via mailing list)
On 29 Oct 2008, at 20:22, Shandy Nantz wrote:

> logout? Thanks,
>
Not in a fool proof way. You could have a window's onClose fire off an
ajax request, but obviously that won't work if they have javascript
turned off, won't work if they just turn off their computer or if
their broadband dies, might not work if they quit their browser etc...

Fred
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2008-10-29 22:12
Frederick Cheung wrote:
> On 29 Oct 2008, at 20:22, Shandy Nantz wrote:
>
>> logout? Thanks,
>>
> Not in a fool proof way. You could have a window's onClose fire off an
> ajax request, but obviously that won't work if they have javascript
> turned off, won't work if they just turn off their computer or if
> their broadband dies, might not work if they quit their browser etc...
>
> Fred

That's what I am trying to do by saying:

onunload = "delete_cookie('user');

The probablem is doesn't seem to be working. When I say session[:user] =
"blah" is the name of that cookie "user"?

If anyone is interested by delete_cookie fuunction looks like:

function delete_cookie ( cookie_name )
{
  var cookie_date = new Date ( );  // current date & time
  cookie_date.setTime ( cookie_date.getTime() - 1 );
  document.cookie = cookie_name += "=; expires=" +
    cookie_date.toGMTString();
}
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2008-10-29 22:32
(Received via mailing list)
On 29 Oct 2008, at 21:12, Shandy Nantz wrote:

>> their broadband dies, might not work if they quit their browser
> "blah" is the name of that cookie "user"?
>
No. There is a single cookie (the default name is something like
app_session where app is the name of the application). The associated
value is either a serialized ruby object containing the session (if
you are using the cookiestore) or just some completely opaque id that
rails can use to grab the session from the db/memcache/filesystem.
(You could have worked some of this out just by looking in your
browser's settings - you can list all cookies stored by your browser)

Fred
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2008-10-29 23:01
Frederick Cheung wrote:
> The associated
> value is either a serialized ruby object containing the session (if
> you are using the cookiestore) or just some completely opaque id that
> rails can use to grab the session from the db/memcache/filesystem.
> (You could have worked some of this out just by looking in your
> browser's settings - you can list all cookies stored by your browser)
>
> Fred

I just upgraded to Rails 2.1.0. so I am using the cookiestore but I am
storing id's in multiple session variables: session[:user],
session[:admin], session[:company_id]. I am trying to destroy the
session[:user] via a javaScript function.

I was under the impression that when I create a session[:user] =
@user.id that the cookie looked like:

   'user=12232; expires=Thu, 29 Oct 2008 20:47:11 UTC; path=/'

and that I could erase it through javaScript by saying:

   delete_cookie( 'user' )

but Im not sure that when I create the session variable that the name is
actually 'user'?
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2008-10-29 23:34
(Received via mailing list)
On 29 Oct 2008, at 22:01, Shandy Nantz wrote:

>
> and that I could erase it through javaScript by saying:
>
>   delete_cookie( 'user' )
>
> but Im not sure that when I create the session variable that the
> name is
> actually 'user'?

You're wrong. There is only one cookie. it contains a serialised ruby
object (a hash to be quite precise)

Fred
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2008-10-30 15:26
Frederick Cheung wrote:
>
> You're wrong. There is only one cookie. it contains a serialised ruby
> object (a hash to be quite precise)
>
> Fred

I think I figured it out. I did a remote_function in my layout

<% func =  remote_function( :url => { :action => 'set_session_nil'} )
-%>
<body onunload = "<% func %>">
.......

and then in the controller I just set session[:user] = nil.

Sorry if I wasn't understand correctly Fred, but thanks for your help. I
learned a lot about sessions that I didn't know and hopefully will be
better prepared the next time I have to do something new and unusual
with them.
This topic is locked and can not be replied to.