I have a before_filter in my application controller to keep a user's session alive (and log them out if a time out has been reached). This should be called on every action except /sessions/new and /sessions/destroy which are routed as /login and /logout.
The relevant parts of my application controller look like this;
class ApplicationController < ActionController::Base
before_filter :update_activity_time, :except => [:login, :logout]
private
def update_activity_time
if current_user
time_out = current_user.setting.remember_me ? 20160 : current_user.setting.user_timeout
from_now = time_out.minutes.from_now
end
if session[:expires_at].blank?
session[:expires_at] = from_now
else
time_left = (session[:expires_at].utc - Time.now.utc).to_i
if time_left <= 0
session_expiry
else
session[:expires_at] = from_now
end
end
end
def session_expiry
reset_session
flash[:notice] = 'Your session has expired. Please log back in.'
unless request.xhr?
session[:return_to] = request.request_uri
redirect_to login_url
else
session[:return_to] = request.referer
render :js => "window.location.replace(\"#{login_url}\")"
end
end
end
and my routes.rb contains the following;
map.login "login", :controller => "sessions", :action => "new"
map.logout "logout", :controller => "sessions", :action => "destroy"
The before_filter is being called when /login or /logout are being visited. This isn't a show-stopper but it does cause a few odd behaviours (e.g. when logging out from a page that has timed out).
Any ideas what I'm doing wrong? I'm using Rails 2.3.10.
The
:except
option takes action names, not url parts. Here's what you should do instead:Then, in
sessions_controller.rb
:You don't want to put the
:except
inApplicationController
because, if you did, thenew
anddestroy
actions for every one of your app's controllers wouldn't update the activity time.