#24 ✓resolved

logged_in_timeout not working

Reported by net1957 | January 4th, 2009 @ 05:35 PM

class User < ActiveRecord::Base

 acts_as_authentic :logged_in_timeout => 2.minutes

the timeout is not working (with the default of 10.minutes or mine). My app is based on the sample example

Standard application with all user columns

  create_table "users", :force => true do |t|
    t.string   "login",                               :null => false
    t.string   "crypted_password",                    :null => false
    t.string   "password_salt",                       :null => false
    t.string   "persistence_token",                   :null => false
    t.string   "single_access_token",                 :null => false
    t.string   "perishable_token",    :default => "", :null => false
    t.integer  "login_count",         :default => 0,  :null => false
    t.datetime "last_request_at"
    t.datetime "last_login_at"
    t.datetime "current_login_at"
    t.string   "last_login_ip"
    t.string   "current_login_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "email",               :default => "", :null => false

The controllers use

  before_filter :require_user

I'm new to this gem, so it's possible that I missed a crucial configuration !

Regards and Thanks for this great work.


Comments and changes to this ticket

  • net1957

    net1957 January 6th, 2009 @ 05:02 PM

    I have tried with the sample available at http://github.com/binarylogic/au... without success. I'm never logout-out after 10 minutes (default).

    Do I need to add code to this sample ?


  • Ben Johnson

    Ben Johnson January 6th, 2009 @ 05:04 PM

    • State changed from “new” to “resolved”

    It doesnt log you out, its just a way to count how many users are active

  • net1957

    net1957 January 7th, 2009 @ 05:36 PM

    Thanks for your reply.

    So I tride that :

    class UserSession < Authlogic::Session::Base
      # Timeout session in seconds
      SESSION_TIMEOUT=30  # for tests
      before_validation :check_timeout
      # enforce session timeout
      def check_timeout
        return false if @unauthorized_record.last_request_at + SESSION_TIMEOUT < Time.zone.now

    but without success !

    Any idea ?

  • net1957

    net1957 January 7th, 2009 @ 06:26 PM

    Ok read more and tried that :

    class UserSession < Authlogic::Session::Base
      #  remember_me_for 7.days
      # Timeout session in seconds
      SESSION_TIMEOUT=30  # for tests
      before_validation :check_timeout
      # enforce session timeout
      def check_timeout
        if (record and  not authenticating_with_password?)
          errors.add_to_base("Your session has timed out") if @record.last_request_at + SESSION_TIMEOUT < Time.zone.now

    but that don't let me log in. How to NOT check the timeout on the login form ?

    Thanks for your time

  • Ben Johnson

    Ben Johnson January 7th, 2009 @ 06:56 PM

    • State changed from “resolved” to “open”

    I know what you are trying to do, I've been thinking about adding that feature in, so I'll add it in over the next couple of days and update this when its done.

  • net1957

    net1957 January 8th, 2009 @ 06:38 AM

    Good news ! Tell me if I can help in any way .

    Regards Serge

  • Ben Johnson

    Ben Johnson January 9th, 2009 @ 01:50 AM

    • State changed from “open” to “resolved”

    Ok this is all set. Just do:

    class UserSession < Authlogic::Session::Base
    logout_on_timeout true
  • net1957

    net1957 January 9th, 2009 @ 02:45 PM

    Very nice !

    I want change the Flash message in this case to give a specific message. What would be the best way to do it ?


  • Ben Johnson

    Ben Johnson January 12th, 2009 @ 01:00 AM

    Right now there is no way to give a specific error message as to why the session wasn't found. I wanted to treat the find method just like any other ORM library, it returns nil if not found. My suggestion is to have a generic message saying something like "We're sorry, but you must log in before proceeding. Thank you."

  • Protar Smith
  • sdasfdf

    sdasfdf September 2nd, 2018 @ 03:07 PM

    Thanks for sharing.I found a lot of interesting information here. A really good post, very thankful and hopeful that you will write many more posts like this one.
    panda helper Download
    emu4ios Download
    gbwhatsapp Download

  • rajansingh

    rajansingh November 19th, 2018 @ 03:23 PM

    With acts_as_authentic you get a :logged_in_timeout configuration option. If this is set, after this amount of time has passed the user will be marked as logged out. Obviously, since web based apps are on a per request basis, we have to define a time limit threshold that determines when we consider a user to be “logged out”. Meaning, if they login and then leave the website, when do mark them as logged out? I recommend just using this as a fun feature on your website or reports, giving you a ballpark number of users logged in and active. facetime app download This is not meant to be a dead accurate representation of a users logged in state, since there is really no real way to do this with web based apps. Think about a user that logs in and doesn't log out. There is no action that tells you that the user isn't technically still logged in and active.

    That being said, you can use that feature to require a new login if their session timesout. Similar to how financial sites work. Just set this option to true and if your record returns true for stale? then they will be required to log back in.

  • Clarence247

    Clarence247 December 19th, 2018 @ 06:23 AM

    If the user logged in and then made a second request 16 minutes later the cookie would be re-issued for another 30 minutes. If the user logged in and then made a second request 31 minutes later then the user would be prompted to log in mybkexperience.

  • lindarose11

    lindarose11 December 24th, 2018 @ 04:28 AM

    The article you have shared here very awesome. I really like and appreciated your work. I read deeply your article, the points you have mentioned in this article are useful
    gun mayhem 2

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket