Class: UberLogin::Configuration

Inherits:

Object

• Object
• UberLogin::Configuration

Defined in:

lib/uber_login/configuration.rb

Instance Attribute Summary

• #allow_multiple_login ⇒ Object

  Allow the same user to login on many different devices.

• #strong_sessions ⇒ Object

  Non persistent sessions are saved to the database too.

• #tie_tokens_to_ip ⇒ Object

  A token is considered valid only if brought by the same IP address to which it was assigned.

• #token_expiration ⇒ Object

  The validity of a login token (be it a cookie or session token).

Instance Method Summary

• #initialize ⇒ Configuration constructor

  A new instance of Configuration.

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.

# File 'lib/uber_login/configuration.rb', line 31

def initialize
  self.allow_multiple_login = true
  self.token_expiration = nil
  self.tie_tokens_to_ip = false
  self.strong_sessions = true
end

Instance Attribute Details

#allow_multiple_login ⇒ Object

Allow the same user to login on many different devices. This is only effective if strong_sessions is true. Otherwise it only affects persistent logins. Defaults to true

# File 'lib/uber_login/configuration.rb', line 8

def allow_multiple_login
  @allow_multiple_login
end

#strong_sessions ⇒ Object

Non persistent sessions are saved to the database too. On each request the session token is checked against the database just like the cookies one. It won’t refresh it, however. This allows you to do nice things, like logging out users, just by removing the token from the database. Or having a full list of open sessions of any kind on any device. Even though this is strongly suggested to be true, it might impact performance, issuing a query on almost each page load. Be sure to index :uid and :sequence together on the login_tokens table.

# File 'lib/uber_login/configuration.rb', line 29

def strong_sessions
  @strong_sessions
end

#tie_tokens_to_ip ⇒ Object

A token is considered valid only if brought by the same IP address to which it was assigned. This would provide a very effective solution against Cookie sniffing, unless it would affect legitimate users a lot. 99% of ISPs will change user IP on each connecition. Also mobile devices might change IP many times in a hour. Setting this to true may disconnect many mobile users each minute. Only decently usable in a private network where all IPs are static (or if you’re really paranoid). Defaults to false

# File 'lib/uber_login/configuration.rb', line 21

def tie_tokens_to_ip
  @tie_tokens_to_ip
end

#token_expiration ⇒ Object

The validity of a login token (be it a cookie or session token). Tokens whose age is larger than that are considered expired and not valid. Defaults to nil (no expiration)

# File 'lib/uber_login/configuration.rb', line 13

def token_expiration
  @token_expiration
end