Topic: Authlogic : periodically check if user session is valid

Hi,

I'm looking for a solution allowing me to check periodically if the user session has expired and if so redirect him to the login page.
I'm using Authlogic gem, so what I'm doing is call a function that make a test on current_user.
My USER_SESSION_TIMEOUT is 5minutes so I make this ajax call every 5:10 minutes.

<%= periodically_call_remote :url => {:controller => 'user_session', :action => 'check_session_timed_out'}, :frequency =>  (USER_SESSION_TIMEOUT + 10.seconds) %>

def check_session_timed_out
   if !current_user
      flash[:login_notice] = "Your session timed out due to a period of inactivity. Please sign in again."
      render :update do |page|
          page.redirect_to "/user_sessions/new"   
      end
   else
       render :nothing => true
   end
end

I noticed that every time I call current_user the user object is updated and so the session is renewed to 5 minutes.
There is no problem when only one tab is opened but if I have 2 tabs each time I call check_session_timed_out current_user renew the user and so the session never expires.

any idea? Thanks

Last edited by rodney_viper (2010-02-04 19:58:22)

Re: Authlogic : periodically check if user session is valid

Here the solution from the AuthLogic source itself:

# For example, what if you had a javascript function that polled the server
# updating how much time is left in their session before it times out. Obviously
# you would want to ignore this request, because then the user would never
# time out. So you can do something like this in your controller:

def last_request_update_allowed?
action_name != "update_session_time_left"
end

In my case:

def last_request_update_allowed?
  action_name != "check_session_timed_out"
end