Okay, so for my game Hexwar I needed some way to expire the login stored in the session. So, my first stop was google and the top answers Ruby On Rails Security Guide, Sessions and cookies in Ruby on Rails, and Rails Session Timeout all seemed a bit more involved than I wanted this early in the morning. So, I'll just roll my own!
First, to understand what I need, one must understand what I have. I'm using the classic pattern of a before_filter in the application controller that routes a person to the sessions controller to force a login.
Now, I wanted a login to last one day. I may change this in the future to expire if there's no activity for a period, but for now the hard one day limit works for me. So, I just add an expiration time to the session and unset it when past.
I realize this code is in no way impressive and there's probably a more Ruby-centric way to do this, but I haven't written for my blog in a while and this is what I just finished.
No comments:
Post a Comment