pelargir / auto-session-timeout
Provides automatic session timeout in a Rails application.
License: MIT License
With the recent release of Rails 7.1, this gem now needs updating so that it is compatible.
I've created Pull Request #42 to add Rails v7.1 to the testing matrix (as well as adding tests for newer versions of Ruby too).
Hi,
I installed the auto-session-timeout gem and am getting this error from application.html.erb, where this code was inserted:
<% if current_user %> <%= auto_session_timeout_js %> <% end %>
ActionView::Template::Error (undefined local variable or method `current_user' for #<#<Class:0x007fc05c25ecd8>:0x007fc04615b658>):
Is there a location where the current_user variable is defined? I used the instructions given to implement the timeout feature.
Thank you
Carmelo
Now that checks have been added to make sure the gem is compatible with Rails 7.1 it would be good to create a new release so that we can use it in our Rails 7.1 projects.
This is currently blocking me making the upgrade to Rails 7.1 on some of my projects (though I know I could always target the git branch)
I'm getting the active heartbeat every 1 minute.
def auto_timeout
  2.minutes
end
I never get a timeout. Where should I look for clues?
I tried both:
def timeout
  signout_user # my existing method
end

def timeout
  render_session_timeout
end
Rails 5.0.7
When the app does timeout as expected and redirects to the login route I invariably get an ActionController::InvalidAuthenticityToken when trying to login and create a session. Any ideas?
Routes:
devise_scope :user do
  match 'active' => 'users/sessions#active', via: :get
  match 'timeout' => 'users/sessions#timeout', via: :get
  get 'login', to: 'devise/sessions#new'
end
Log:
Started GET "/login" for 127.0.0.1 at 2017-06-07 10:16:23 -0400
Processing by Devise::SessionsController#new as HTML
Rendering devise/sessions/new.html.erb within layouts/application
Rendered devise/shared/_links.html.erb (0.9ms)
Rendered devise/sessions/new.html.erb within layouts/application (23.3ms)
Rendered layouts/_messages.html.erb (0.3ms)
Rendered layouts/_navigation.html.erb (3.9ms)
Completed 200 OK in 267ms (Views: 265.3ms | ActiveRecord: 0.0ms)
Started POST "/users/sign_in" for 127.0.0.1 at 2017-06-07 10:19:50 -0400
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
When using Turbolinks, if you click the 'next page' button of a list several times, the trigger of the post to '/active' is repeated that many times. E.g. I set auto_session_timeout_js frequency: 120, and then click 'next page' 5 times; then every 120 seconds it will post to /action 5 times. That's caused by writing the code in the body. The correct way is to wrap the code in $(document).on('turbolinks:load', function(){}).
Hello and thank you very much for this gem.
This is not a bug - it is more kind of a documentation improvement or suggestion to create a Node.js package.
I am using Rails 7.1 with Hotwire Stimulus-Rails/Turbo-Rails and ended up writing my own Stimulus controller for AutoSessionTimeout, based on the provided JS.
I experimented a bit with Stimulus and came up with this solution.
My Stimulus controller provides:
This is my first attempt to dig into JS - if there are any mistakes or possible improvements, please let me know :-)
app/javascript/controllers/index.js
[...]
import AutoSessionTimeoutController from "./auto_session_timeout_controller"
application.register("auto-session-timeout", AutoSessionTimeoutController)
[...]
app/javascript/controllers/auto_session_timeout_controller.js
import { Controller } from "@hotwired/stimulus"

// Connects to data-controller="auto-session-timeout"
export default class extends Controller {
  initialize() {
    this.intervalId = 0;
    this.waitUntil = 0;
    // Polling interval in seconds (data-ast-frequency), default 60
    this.frequency = Number(this.element.dataset.astFrequency) || 60;
    // String(undefined) yields 'undefined', which connect() checks for
    this.active_path = String(this.element.dataset.astActivePath);
    this.keep_alive_path = String(this.element.dataset.astKeepAlivePath);
    super.initialize();
  }

  connect() {
    if (this.active_path === 'undefined') {
      console.log('auto-session-timeout message:');
      console.log('ast-active-path is not defined - value: ' + this.active_path);
      return;
    }
    if (this.keep_alive_path === 'undefined') {
      console.log('auto-session-timeout message:');
      console.log('ast-keep-alive-path is not defined - value: ' + this.keep_alive_path);
      return;
    }
    // Poll the session status every `frequency` seconds
    this.intervalId = setInterval(this.check_timeout.bind(this), (this.frequency * 1000));
  }

  disconnect() {
    // Stop polling when the element leaves the DOM
    clearInterval(this.intervalId);
  }

  // Reload the page when the server reports that the session is no longer active
  check_return_value(event) {
    var status = event.target.status;
    var response = event.target.response;
    if (status === 200 && (response === false || response === 'false' || response === null)) {
      location.reload();
    }
  }

  check_timeout() {
    const request = new XMLHttpRequest();
    request.onload = this.check_return_value.bind(this);
    request.open('GET', this.active_path, true);
    request.responseType = 'json';
    request.send();
  }

  // Triggered by user activity; throttled to one request per `frequency` seconds
  keep_alive() {
    const request = new XMLHttpRequest();
    if (Date.now() >= this.waitUntil) {
      this.waitUntil = Date.now() + 1000 * this.frequency;
    } else {
      return;
    }
    request.onload = this.check_return_value.bind(this);
    request.open('GET', this.keep_alive_path, true);
    request.responseType = 'json';
    request.send();
  }
}
app/helpers/application_helper.rb
def auto_session_timeout_settings
  if user_signed_in?
    data_action = [
      'keypress->auto-session-timeout#keep_alive',
      'scroll@window->auto-session-timeout#keep_alive'
    ]
    {
      data: {
        controller: 'auto-session-timeout',
        'ast-frequency': 5,
        'ast-active-path': active_path,
        'ast-keep-alive-path': keep_alive_path,
        action: data_action.join(' ')
      }
    }
  else
    {}
  end
end
app/views/layouts/application.html.slim
[...]
body *auto_session_timeout_settings
[...]
config/routes.rb
[...]
devise_for :users, controllers: { sessions: "users/sessions" }
devise_scope :user do
  get "active", to: "users/sessions#active"
  get "keep-alive", to: "users/sessions#active"
  # Not used - just for completion
  # get "timeout", to: "users/sessions#timeout"
end
[...]
[...]
# has to be after auto_session_timeout so that prepend will not be overwritten.
# Required: Login will not work without
# > Can't verify CSRF token authenticity.
protect_from_forgery with: :exception, prepend: true
[...]
I get the error auto_session_timeout_js is not defined after I added this into my layout:
<% if (current_account) %>
  <%= auto_session_timeout_js %>
<% end %>
I'm using Rails 4.2.0
I think I have everything else set up correctly - do you have any suggestions?
One more edit: I installed jquery-auto-session-timeout by putting it in my Gemfile and running bundle install. However, I still get the same error.
Thanks!
Hi,
When I use jquery-auto-session-timeout-0.5.1 with JRuby 1.5.1,
I got the following error during the building of my JRuby application:
D:/My Projects/ruby/ama_etoms_v1/config/routes.rb:100: undefined method `zero?' for "/timeout":String (NoMethodError)
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/actionpack-2.3.9/lib/action_controller/routing/route_set.rb:227:in `draw'
from D:/My Projects/ruby/ama_etoms_v1/config/routes.rb:1
from D:/My Projects/ruby/ama_etoms_v1/config/routes.rb:171:in `load'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/activesupport-2.3.9/lib/active_support/dependencies.rb:171:in `load_with_new_constant_marking'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/activesupport-2.3.9/lib/active_support/dependencies.rb:547:in `new_constants_in'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/activesupport-2.3.9/lib/active_support/dependencies.rb:171:in `load_with_new_constant_marking'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/actionpack-2.3.9/lib/action_controller/routing/route_set.rb:287:in `load_routes!'
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/actionpack-2.3.9/lib/action_controller/routing/route_set.rb:287:in `each'
... 10 levels...
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/rails-2.3.9/lib/commands/server.rb:84
from C:/NetBeans 6.9.1/ruby/jruby-1.5.1/lib/ruby/gems/1.8/gems/rails-2.3.9/lib/commands/server.rb:3:in `require'
from script\server:3
When I commented out the line
map.timeout '/timeout', :controller => 'sessions', :action => 'timeout'
the build was a success. But the auto session timeout doesn't work.
I am using the autosessiontimeout gem, as given in the readme file.
Please have a look at this issue.
Steps to reproduce
config.raise_on_missing_callback_actions = true
set auto_session_timeout to controller
Expected results
Page loads
Actual results
Unknown action returned (404 status)
Notes
Question
Since active and timeout are documented to require get method, can we remove the protect_from_forgery call altogether? Is it required for get? This would allow us to run application with raise_on_missing_callback_actions = true
Rails 7 was released a few weeks ago :)
The gemspec currently requires that actionpack be lower than version 7. Could this be bumped up?
Is there a callback or approach to give users a warning they are about to be timed out?
We want orgs to be able to set their own timeout. Can this be done, per user or per some other record value?
I had everything working, or so I thought. Site worked fine until I entered Solidus.
routes.rb
mount Spree::Core::Engine, at: '/ecommerce'
get 'active' => 'sessions#active'
get 'timeout' => 'sessions#timeout'
When going into anything in Solidus it would throw:
ActionController::UrlGenerationError in Spree::OrdersController#edit
No route matches {:action=>"active", :controller=>"sessions"}
I was able to get around this by adding these lines to application_controller.rb
def timeout_url
  '/timeout'
end

def active_url
  '/active'
end
thanks a lot!
DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.
Being able to do this is deprecated. Autoloading during initialization is going
to be an error condition in future versions of Rails.
Reloading does not reboot the application, and therefore code executed during
initialization does not run again. So, if you reload ActionText::ContentHelper, for example,
the expected changes won't be reflected in that stale Module object.
These autoloaded constants have been unloaded.
Please, check the "Autoloading and Reloading Constants" guide for solutions.
(called from <top (required)> at XXX
It would be nice to know if it can be integrated with Clearance. Can it?
Hi,
If I don't set auto_session_timeout to the same frequency of the JS ping to /active, the session[:auto_session_expires_at] just keeps going up and is never reached, even if no action is happening.
Any idea?
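The situation described in the post above, modelled as an added example (not the gem's code and not part of the original post): when the periodic /active poll is allowed to push session[:auto_session_expires_at] forward, an idle session never reaches its deadline, whereas a poll that is excluded from the refresh lets it expire. IdleSession, touch and first_expiry are hypothetical names, and times are plain seconds.

```ruby
# Added illustration, not the gem's code: a framework-free model of a
# sliding idle timeout. IdleSession, touch and first_expiry are
# hypothetical names; all times are plain seconds.
class IdleSession
  HEARTBEAT_PATH = '/active' # polling endpoint named in the post

  attr_reader :expires_at

  def initialize(timeout:, now:, heartbeat_extends:)
    @timeout = timeout
    @heartbeat_extends = heartbeat_extends
    @expires_at = now + timeout
  end

  # Process one request at time `now`; returns :ok or :expired.
  def touch(path, now)
    return :expired if now >= @expires_at

    heartbeat = (path == HEARTBEAT_PATH)
    # Only real user requests should push the deadline forward.
    @expires_at = now + @timeout if !heartbeat || @heartbeat_extends
    :ok
  end
end

# The user acts once at t=0, then only the browser poll hits /active.
# Returns the time of the first poll that finds the session expired,
# or nil if the session is still alive after `duration` seconds.
def first_expiry(heartbeat_extends:, timeout: 120, ping_every: 60, duration: 3600)
  session = IdleSession.new(timeout: timeout, now: 0,
                            heartbeat_extends: heartbeat_extends)
  session.touch('/orders', 0) # constructed sample user request
  ping_every.step(duration, ping_every) do |t|
    return t if session.touch(IdleSession::HEARTBEAT_PATH, t) == :expired
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  puts "poll extends expiry: #{first_expiry(heartbeat_extends: true).inspect}"
  puts "poll ignored:        #{first_expiry(heartbeat_extends: false).inspect}"
end
```

In the model the idle session is only detected at a poll, so the effective logout time is the first poll at or after the deadline.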
I've got your gem up and running, but when I move the mouse or enter something while still on the same page, does it still count as idle? Because when I'm on the same page for more than the specified timeout time, even when I'm typing something and moving the mouse, I still experience auto timeout and am logged out automatically. Thank you!
Was able to install it "successfully" but when I try to start my application it runs into issues.
jdms-mm:pdlog User$ ruby -v
ruby 2.2.6p322 (2016-04-29 revision 54815) [x86_64-darwin15]
jdms-mm:pdlog User$ rails -v
Rails 5.0.0.rc1
jdms-mm:pdlog User$ bundler -v
Bundler version 1.12.4
jdms-mm:pdlog User$ gem install auto-session-timeout
Successfully installed auto-session-timeout-0.9.2
Parsing documentation for auto-session-timeout-0.9.2
Done installing documentation for auto-session-timeout after 0 seconds
1 gem installed
jdms-mm:pdlog User$ rails c
...
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:89:in `rescue in block (2 levels) in require': There was an error while trying to load the gem 'auto-session-timeout'. (Bundler::GemRequireError)
Gem Load Error is: undefined method `hide_action' for ActionController::Base:Class
Backtrace for gem load error is:
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:5:in `included'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:40:in `include'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:40:in `<top (required)>'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:293:in `require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:293:in `block in require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:259:in `load_dependency'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/activesupport-5.0.0.rc1/lib/active_support/dependencies.rb:293:in `require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/auto-session-timeout-0.9.2/lib/auto-session-timeout.rb:1:in `<top (required)>'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:86:in `require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:86:in `block (2 levels) in require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:81:in `each'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:81:in `block in require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:70:in `each'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler/runtime.rb:70:in `require'
/Users/jdm/.rvm/gems/ruby-2.2-head@pdlog/gems/bundler-1.12.4/lib/bundler.rb:102:in `require'
...
Whenever I change language, e.g. from English to Japanese, everything works fine. But when I click any of the options on the menu, it gets converted to English again, and when I click again on any other option it again gets converted to Japanese.
routes.rb
scope "(:locale)", locale: /en|ja/ do
  devise_for :users, controllers: { sessions: 'users/sessions' }
  devise_scope :user do
    match 'active' => 'users/sessions#active', via: :get
    match 'timeout' => 'users/sessions#timeout', via: :get
  end
end
application_controller.rb
before_action :set_locale
auto_session_timeout 30.minutes

def set_locale
  I18n.locale = params[:locale] || I18n.default_locale
end

def default_url_options(options = {})
  { locale: I18n.locale }
end
application.html.erb
<%= auto_session_timeout_js %>
sessions_controller.rb
def active
  render_session_status
end

def timeout
  flash[:notice] = "Your session has timed out."
  redirect_to "/users/sign_in"
end
Request URL: http://localhost:3000/active
Request URL: http://localhost:3000/ja/active
or
Request URL: http://localhost:3000/en/active
'active_url' seems to be breaking the gem in my Rails 3.2.11.
What could be the issue?
/home.rvm/gems/ruby-1.9.3-p392/gems/auto-session-timeout-0.9.2/lib/auto_session_timeout.rb:14:in `block in auto_session_timeout'