Class: UberLogin::Configuration
- Inherits: Object
  - Object
  - UberLogin::Configuration
- Defined in: lib/uber_login/configuration.rb
Instance Attribute Summary
- #allow_multiple_login ⇒ Object
  Allow the same user to log in on many different devices.
- #strong_sessions ⇒ Object
  Non-persistent sessions are saved to the database too.
- #tie_tokens_to_ip ⇒ Object
  A token is considered valid only if brought by the same IP address to which it was assigned.
- #token_expiration ⇒ Object
  The validity of a login token (be it a cookie or session token).
Instance Method Summary
- #initialize ⇒ Configuration (constructor)
  A new instance of Configuration.
Constructor Details
#initialize ⇒ Configuration
Returns a new instance of Configuration.
    # File 'lib/uber_login/configuration.rb', line 31
    def initialize
      self.allow_multiple_login = true
      self.token_expiration = nil
      self.tie_tokens_to_ip = false
      self.strong_sessions = true
    end
Instance Attribute Details
#allow_multiple_login ⇒ Object
Allow the same user to log in on many different devices. This is only effective if strong_sessions is true. Otherwise it only affects persistent logins. Defaults to true.

    # File 'lib/uber_login/configuration.rb', line 8
    def allow_multiple_login
      @allow_multiple_login
    end
#strong_sessions ⇒ Object
Non-persistent sessions are saved to the database too. On each request the session token is checked against the database, just like the cookie one. It won't refresh it, however. This allows you to do nice things, like logging out users just by removing the token from the database, or having a full list of open sessions of any kind on any device. Even though setting this to true is strongly suggested, it might impact performance, since it issues a query on almost every page load. Be sure to index :uid and :sequence together on the login_tokens table.

    # File 'lib/uber_login/configuration.rb', line 29
    def strong_sessions
      @strong_sessions
    end
#tie_tokens_to_ip ⇒ Object
A token is considered valid only if brought by the same IP address to which it was assigned. This would be a very effective defense against cookie sniffing if it did not affect legitimate users so much. 99% of ISPs will change user IP on each connection. Also, mobile devices might change IP many times in an hour. Setting this to true may disconnect many mobile users each minute. Only decently usable in a private network where all IPs are static (or if you're really paranoid). Defaults to false.

    # File 'lib/uber_login/configuration.rb', line 21
    def tie_tokens_to_ip
      @tie_tokens_to_ip
    end
#token_expiration ⇒ Object
The validity of a login token (be it a cookie or session token). Tokens whose age is greater than this value are considered expired and not valid. Defaults to nil (no expiration).

    # File 'lib/uber_login/configuration.rb', line 13
    def token_expiration
      @token_expiration
    end
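How token_expiration, tie_tokens_to_ip and the database lookup behind strong_sessions combine when a token is presented, as an added example that is not UberLogin's own code. Config, Token, TokenStore and the reading of token_expiration as seconds are assumptions made for this model.

```ruby
require 'securerandom'

# Stand-in for the two validity settings documented above (not the gem's class).
# Assumption: token_expiration is a number of seconds, or nil for no expiry.
Config = Struct.new(:token_expiration, :tie_tokens_to_ip)
DEFAULTS = Config.new(nil, false) # the defaults listed on this page

# Hypothetical row of the login_tokens table.
Token = Struct.new(:uid, :sequence, :ip, :created_at)

class TokenStore
  def initialize(config)
    @config = config
    @rows = {} # keyed by [uid, sequence], like the suggested composite index
  end

  # Record a token for this user and the IP it was assigned to.
  def issue(uid, ip, now)
    token = Token.new(uid, SecureRandom.hex(8), ip, now)
    @rows[[uid, token.sequence]] = token
  end

  # Deleting the row is all it takes to log that session out.
  def revoke(uid, sequence)
    @rows.delete([uid, sequence])
  end

  # Returns :ok, or the reason the presented token is rejected.
  def check(uid, sequence, ip, now)
    token = @rows[[uid, sequence]]
    return :unknown_token if token.nil?
    ttl = @config.token_expiration
    return :expired if ttl && (now - token.created_at) > ttl
    return :ip_mismatch if @config.tie_tokens_to_ip && token.ip != ip
    :ok
  end
end

# Constructed sample: one-hour expiry with IP binding (documentation addresses).
strict = TokenStore.new(Config.new(3600, true))
t0 = Time.at(0)
tok = strict.issue(42, '192.0.2.10', t0)
puts strict.check(42, tok.sequence, '192.0.2.10', t0 + 60)     # same IP, fresh
puts strict.check(42, tok.sequence, '198.51.100.7', t0 + 60)   # IP changed
puts strict.check(42, tok.sequence, '192.0.2.10', t0 + 7200)   # too old
```

With DEFAULTS the same store accepts a token of any age from any address, so revocation by deleting the row is the only server-side control left.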