Forum: Ruby on Rails Deleting Sessions with no logout

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2009-05-11 21:45
HI all,

I have an app that has a admin side and a user side. The users logging
into the admin side can view and edit profile, if need be, on the user
side. However, the user has three types: admin, travel manager, and
traveler. An admin logs in, the admin session is set. If the admin looks
at a user "Traveler" profile the traveler session gets set.

What I have noticed is that the admin instead of logging it, like they
should be, simply click the 'X'. Under certain conditions, I have
started to notice that this is causing some unwanted behavor and have
come to the conclusion that I need to make sure that the session
variables for both a traveler and a travel manager get set to nil when
the admin logs out of that profile or 'X's out.

My question is, how the heck do you do this? I could use javaScript but
then how would I call the controller method? I have read that there is a
onClose event in javaScript but it's not supportted in all browsers. Is
there a Rails way to do this? Thanks,

-S
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2009-05-11 23:50
I tried this:

In View:

<% func =  remote_function( :url => { :action => 'set_sessions_nil'} )
-%>
<body onunload = "<%= func %>">
.....
</body>

In Controller:

def set_sessions_nil
  session[:user] = nil
  session[:arranger] = nill
end

Pretty straight forward, but after I open and close a few windows my
server running the localhost dies - it just sits there and does nothing,
so don't try that a home.

-S
5f94b9b346c2aa648a80bc259978e5bc?d=identicon&s=25 Colin Law (Guest)
on 2009-05-12 09:40
(Received via mailing list)
I think you may find there is no reliable way of achieving this, there
was a
significant thread on this issue a little while ago.
What is the unwanted behaviour that you are seeing? Perhaps there is a
better solution.
Colin

2009/5/11 Shandy Nantz <rails-mailing-list@andreas-s.net>
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2009-05-12 23:13
Colin Law wrote:
> I think you may find there is no reliable way of achieving this, there
> was a
> significant thread on this issue a little while ago.
> What is the unwanted behaviour that you are seeing? Perhaps there is a
> better solution.
> Colin
>
> 2009/5/11 Shandy Nantz <rails-mailing-list@andreas-s.net>

It has to do with the sessions which are holding id for the current
users logged in. At most, there may be three session variables set - the
two above and another called session[:admin]. An admin can move from
profile to profile making modifications, but what I think is happening
is that the admin are not "logging" like they should and are instead
simply "X"ing out. This means that those sessions may be used to set up
unwanted objects and show links, and other varous forms of undesired
information.
5f94b9b346c2aa648a80bc259978e5bc?d=identicon&s=25 Colin Law (Guest)
on 2009-05-13 11:14
(Received via mailing list)
2009/5/12 Shandy Nantz <rails-mailing-list@andreas-s.net>

>
> It has to do with the sessions which are holding id for the current
> users logged in. At most, there may be three session variables set - the
> two above and another called session[:admin]. An admin can move from
> profile to profile making modifications, but what I think is happening
> is that the admin are not "logging" like they should and are instead
> simply "X"ing out. This means that those sessions may be used to set up
> unwanted objects and show links, and other varous forms of undesired
> information.


Do you mean another user is coming along to the pc that had the admin
user
logged in and using it as admin? Or that someone is picking up the admin
role on another PC when they should not? Or something else?
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2009-05-13 16:55
Colin Law wrote:
> 2009/5/12 Shandy Nantz <rails-mailing-list@andreas-s.net>
>
>>
>> It has to do with the sessions which are holding id for the current
>> users logged in. At most, there may be three session variables set - the
>> two above and another called session[:admin]. An admin can move from
>> profile to profile making modifications, but what I think is happening
>> is that the admin are not "logging" like they should and are instead
>> simply "X"ing out. This means that those sessions may be used to set up
>> unwanted objects and show links, and other varous forms of undesired
>> information.
>
>
> Do you mean another user is coming along to the pc that had the admin
> user
> logged in and using it as admin? Or that someone is picking up the admin
> role on another PC when they should not? Or something else?

No, an admin logs in and they can view and edit other profiles (not
other admin profiles), all from the same PC.
5f94b9b346c2aa648a80bc259978e5bc?d=identicon&s=25 Colin Law (Guest)
on 2009-05-13 16:58
(Received via mailing list)
I still do not understand the problem you are seeing.
Colin

2009/5/13 Shandy Nantz <rails-mailing-list@andreas-s.net>
This topic is locked and can not be replied to.