With the recent release of Rails 7.1, this gem now needs updating so that it is compatible.

I've created a Pull Request #42 to add Rails v7.1 to the testing matrix (as well as added tests for newer versions of ruby too)

Hi,

In installed the auto-session-timeout gem and getting this error from the application.html.erb where this code was inserted.

ActionView::Template::Error (undefined local variable or method `current_user' for #<#Class:0x007fc05c25ecd8:0x007fc04615b658>):

is there a location where the current_user variable is defined. I used the instructions given to implement the timeout feature.

Thank you

Carmelo

Now that checks have been added to make sure the gem is compatible with Rails 7.1 it would be good to create a new release so that we can use it in our Rails 7.1 projects.

This is currently blocking me making the upgrade to Rails 7.1 on some of my projects (though I know I could always target the git branch)

I'm getting the active heartbeat every 1 minute.

def auto_timeout 2.minutes end

I never get a timeout. Where should I look for clues?

I tried both:
def timeout signout_user # my existing method end
def timeout render_session_timeout end

Rails 5.0.7

When the app does timeout as expected and redirects to the login route I invariably get an ActionController::InvalidAuthenticityToken when trying to login and create a session. Any ideas?

Routes:
devise_scope :user do
match 'active' => 'users/sessions#active', via: :get
match 'timeout' => 'users/sessions#timeout', via: :get
get 'login', to: 'devise/sessions#new'
end

Log:
Started GET "/login" for 127.0.0.1 at 2017-06-07 10:16:23 -0400
Processing by Devise::SessionsController#new as HTML
Rendering devise/sessions/new.html.erb within layouts/application
Rendered devise/shared/_links.html.erb (0.9ms)
Rendered devise/sessions/new.html.erb within layouts/application (23.3ms)
Rendered layouts/_messages.html.erb (0.3ms)
Rendered layouts/_navigation.html.erb (3.9ms)
Completed 200 OK in 267ms (Views: 265.3ms | ActiveRecord: 0.0ms)

Started POST "/users/sign_in" for 127.0.0.1 at 2017-06-07 10:19:50 -0400
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)

When use turbolinks, consider clicking the 'next page' button of a list for several times, the trigger of post '/active' will repeat for this times. e.g. I auto_session_timeout_js frequency: 120, and then click 'next page' for 5 times, then every 120 seconds will post to /action for 5 times. That's caused by write the codes in body. The correct way to do is wrapping the codes in $('document').on('turbolinks:load', function(){}).

Hello and thank you very much for this gem.

This is not a bug - it is more kind of a documentation improvement or suggestion to create a Node.js package.

I am using Rails 7.1 with Hotwire Stimulus-Rails/Turbo-Rails and ended up writing my own Stimulus controller for AutoSessionTimeout, based on the provided JS.

I experimented a bit with Stimulus and came up with this solution.

My Stimulus controller provides:

• Session Timeout check (as provided by the gem)
• Keepalive (on 'keypress' and 'scroll@window' event) -> See ApplicationHelper
  • This may be of interest for #37
• Page reload after session_timeout (Working fine with Devise and Turbo)

This is my first attempt to dig into JS - if there are any mistakes or possible improvements, please let me know :-)

Stimulus controllers customizations (thanks to #16):

app/javascript/controllers/index.js

[...]
import AutoSessionTimeoutController from "./auto_session_timeout_controller"
application.register("auto-session-timeout", AutoSessionTimeoutController)
[...]

app/javascript/controllers/auto_session_timeout_controller.js

import {Controller} from "@hotwired/stimulus"

// Connects to data-controller="auto-session-timeout"
export default class extends Controller {

    initialize() {
        this.intervalId = 0;
        this.waitUntil = 0

        this.frequency = Number(this.element.dataset.astFrequency) || 60;
        this.active_path = String(this.element.dataset.astActivePath)
        this.keep_alive_path = String(this.element.dataset.astKeepAlivePath)

        super.initialize();
    }

    connect() {
        if (this.active_path === 'undefined') {
            console.log('auto-session-timeout message:')
            console.log('ast-active-path is not defined - value: ' + this.active_path);
            return;
        }

        if (this.keep_alive_path === 'undefined') {
            console.log('auto-session-timeout message:')
            console.log('ast-ping-path is not defined - value: ' + this.keep_alive_path);
            return;
        }

        this.intervalId = setInterval(this.check_timeout.bind(this), (this.frequency * 1000));
    }

    disconnect() {
        clearInterval(this.intervalId);
    }

    check_return_value(event) {
        var status = event.target.status;
        var response = event.target.response;

        if (status === 200 && (response === false || response === 'false' || response === null)) {
            location.reload();
        }
    }

    check_timeout() {
        const request = new XMLHttpRequest();

        request.onload = this.check_return_value.bind(this);

        request.open('GET', this.active_path, true);
        request.responseType = 'json';
        request.send();
    }

    keep_alive() {
        const request = new XMLHttpRequest();

        if (Date.now() >= this.waitUntil) {
            this.waitUntil = Date.now() + 1000 * this.frequency;
        } else {
            return;
        }

        request.onload = this.check_return_value.bind(this);

        request.open('GET', this.keep_alive_path, true);
        request.responseType = 'json';
        request.send();
    }
}

Helper method:

app/helpers/application_helper.rb

  def auto_session_timeout_settings
    if user_signed_in?
      data_action = [
        'keypress->auto-session-timeout#keep_alive',
        'scroll@window->auto-session-timeout#keep_alive'
      ]

      {
        data: {
          controller: 'auto-session-timeout',
          'ast-frequency': 5,
          'ast-active-path': active_path,
          'ast-keep-alive-path': keep_alive_path,
          action: data_action.join(' ')
        }
      }
    else
      {}
    end
  end

View:

app/views/layouts/application.html.slim

[...]
body *auto_session_timeout_settings
  [...]

Routes:

config/routes.rb

[...]
  devise_for :users, controllers: { sessions: "users/sessions" }

  devise_scope :user do
    get "active", to: "users/sessions#active"
    get "keep-alive", to: "users/sessions#active"
    # Not used - just for completion
    # get "timeout", to: "users/sessions#timeout"
  end
[...]

Application Controller (thanks to #16 )

[...]
  # has to be after auto_session_timeout so that prepend will not be overwritten.                                                                                                                                  
  # Required: Login will not work without
  # > Can't verify CSRF token authenticity.
  protect_from_forgery with: :exception, prepend: true
[...]

I get the error auto_session_timeout_js is not defined after I added this into my layout:

<% if (current_account) %>
   <%= auto_session_timeout_js %>
<% end %>

I'm using Rails 4.2.0
I think I have everything else set up correctly - do you have any suggestions?

One more edit, I installed jquery-auto-session-timeout but putting it in my Gemfile and running bundle install. However, I still get the same error.

Thanks!

Hi,

When I use jquery-auto-session-timeout-0.5.1 with Jruby 1.5.1,

I got the following error during the building of my Jruby application

D:/My Projects/ruby/ama_etoms_v1/config/routes.rb:100: undefined method zero?' for "/timeout":String (NoMethodError) from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/actionpack-2.3.9/lib/action_controller/routing/route_set.rb:227:indraw'
from D:/My Projects/ruby/ama_etoms_v1/config/routes.rb:1
from D:/My Projects/ruby/ama_etoms_v1/config/routes.rb:171:in load' from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/activesupport-2.3.9/lib/active_support/dependencies.rb:171:inload_with_new_constant_marking'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/activesupport-2.3.9/lib/active_support/dependencies.rb:547:in new_constants_in' from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/activesupport-2.3.9/lib/active_support/dependencies.rb:171:inload_with_new_constant_marking'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/actionpack-2.3.9/lib/action_controller/routing/route_set.rb:287:in load_routes!' from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/actionpack-2.3.9/lib/action_controller/routing/route_set.rb:287:ineach'
... 10 levels...
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/rails-2.3.9/lib/commands/server.rb:84
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/rails-2.3.9/lib/commands/server.rb:3:in `require'
from script\server:3

When I commented the line
map.timeout '/timeout', :controller => 'sessions', :action => 'timeout'
the build was a success. But the auto session time out doesn't works.

I am using the autosessiontimeout gem, as given in the read me file.

Please have look on this issue..

Steps to reproduce

1. Create rails 7.1.x app
2. Ensure config.raise_on_missing_callback_actions = true set
3. Add auto_session_timeout to controller
4. Load a page

Expected results
Page loads

Actual results
Unknown action returned (404 status)

Notes

• protect_from_forgery with except clause is root cause

Question
Since active and timeout are documented to require get method, can we remove the protect_from_forgery call altogether? Is it required for get? This would allow us to run application with raise_on_missing_callback_actions = true

Rails 7 was released a few weeks ago :)

The gemspec currently requires that actionpack be lower than version 7. Could this be bumped up?

Is there a callback or approach to give users a warning they are about to be timed out?

we want orgs to be able to set their own timeout, can this be done? per user or per some other record value?

I had everything working or so i though.. Site worked fine until i entered Solidus.

routes.rb
` mount Spree::Core::Engine, at: '/ecommerce'

get 'active' => 'sessions#active'
get 'timeout' => 'sessions#timeout'

`

When going into anything in Solidus it would throw:
ActionController::UrlGenerationError in Spree::OrdersController#edit
No route matches {:action=>"active", :controller=>"sessions"}

I was able to get around this by adding these lines to application_controller.rb

` def timeout_url
'/timeout'
end

def active_url
'/active'
end`

• can you please update the gem to be 0.9.3?

thanks a lot!

DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.

Being able to do this is deprecated. Autoloading during initialization is going
to be an error condition in future versions of Rails.

Reloading does not reboot the application, and therefore code executed during
initialization does not run again. So, if you reload ActionText::ContentHelper, for example,
the expected changes won't be reflected in that stale Module object.

These autoloaded constants have been unloaded.

Please, check the "Autoloading and Reloading Constants" guide for solutions.
(called from <top (required)> at XXX

I would be nice to know if it can be integrated with the Clearance. Can it?

Hi,

If I don't set auto_session_timeout to the same frequency of the JS ping to /active, the session[:auto_session_expires_at] just keep going up and is never reached, even if no action is happening.

Any idea?

I've got your gem up and running, but when I move the mouse, enter something still on the same page, does it still count as idle? because when I'm on the same page more than the specified timeout time, even when I'm typing something and moving the mouse, I still experience auto timeout and logged out automaticaly. Thank you!

Was able to install it "successfully" but when I try to start my application it runs into issues.

jdms-mm:pdlog User$ ruby -v
ruby 2.2.6p322 (2016-04-29 revision 54815) [x86_64-darwin15]

jdms-mm:pdlog User$ rails -v
Rails 5.0.0.rc1

jdms-mm:pdlog User$ bundler -v
Bundler version 1.12.4

jdms-mm:pdlog User$ gem install auto-session-timeout
Successfully installed auto-session-timeout-0.9.2
Parsing documentation for auto-session-timeout-0.9.2
Done installing documentation for auto-session-timeout after 0 seconds
1 gem installed

jdms-mm:pdlog User$ rails c
...
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:89:in rescue in block (2 levels) in require': There was an error while trying to load the gem 'auto-session-timeout'. (Bundler::GemRequireError) Gem Load Error is: undefined methodhide_action' for ActionController::Base:Class
Backtrace for gem load error is:
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:5:in included' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:40:ininclude'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:40:in <top (required)>' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:293:inrequire'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:293:in block in require' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:259:inload_dependency'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:293:in require' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto-session-timeout.rb:1:in<top (required)>'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:86:in require' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:86:inblock (2 levels) in require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:81:in each' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:81:inblock in require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:70:in each' /Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:70:inrequire'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler.rb:102:in `require'
...

Whenever I change language, like -from english to Japanese ,everything works fine.But when I click any of the options on the menu,It gets converted to english again and When I click again on any other options it again gets converted to Japanese.

(1) (2)
(3) (4)

routes.rb
scope "(:locale)", locale: /en|ja/ do
devise_for :users, controllers: { sessions: 'users/sessions' }
devise_scope :user do
match 'active' => 'users/sessions#active', via: :get
match 'timeout' => 'users/sessions#timeout', via: :get
end
end

application_controller.rb
before_action :set_locale
auto_session_timeout 30.minutes
def set_locale
I18n.locale = params[:locale] || I18n.default_locale
end
def default_url_options(options = {})
{ locale: I18n.locale }
end

application.html.erb
<%= auto_session_timeout_js %>

sessions_controller.rb
def active
render_session_status
end
def timeout
flash[:notice] = "Your session has timed out."
redirect_to "/users/sign_in"
end

Problem With this link

Request URL: http://localhost:3000/active

It should be

Request URL: http://localhost:3000/ja/active
or
Request URL: http://localhost:3000/en/active

'active_url' seems to be breaking the Gem in my rails 3.2.11.

What could be the issue?

/home.rvm/gems/ruby-1.9.3-p392/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:14:in `block in auto_session_timeout'