Close session and redirect to login in Ruby on Rails

Question

I am working with session[:hash_name] in ruby on rails to keep session information such as username and stuff.

I am trying to find a way to expire this session without the user having to log out. Specially in two cases: after some time it needs to expire and when the user closes the browser.

So far I have found another parameter called cookies[:hash_name] which can expire after some time. But I'm not sure how to check this parameter in every user request and then call reset_session. When the session is reset I need to redirect the user to the login page.

Any suggestion to solve these 2 problems are greatly appreaciated.

Answer 1

You can store the session in a cookie, which is a session cookie by default (meaning it goes away when the user closes the browser), and add an expiration time using :expire_after.

This can be configured in config/initializers/session_store.rb. For example:

Yourapp::Application.config.session_store :cookie_store, 
                                         key: 'your_session_id',
                                         expire_after: 45.minutes

Answer 2

Well im pretty sure that if you run session.delete(:hash_name) that will destroy the session, however it is highly recommended that you don't try to build your own authentication system, especially when it will take you hours to build the most basic functionality, whereas a pre-built solution could be installed in 20 minutes. Not only that, but the pre-built solution is probably twice as secure as anything you can cook up yourself because its been tested and tested by myriad of developer.

I would highly recommend using devise for authentication. With devise you get methods such as sign_out(current_user), which obviously signs out the user that made the request. Take a look at devise's github page

All it takes is gem install devise, add it to your gemfile, and then run

rails g devise:install User # or whatever model name

And they handle the rest