Module: Ixtlan::Rails::SessionTimeout::InstanceMethods

Defined in:
lib/ixtlan/rails/session_timeout.rb


Instance Method Details

#check_session ⇒ Object



# File 'lib/ixtlan/rails/session_timeout.rb', line 53

# Runs the per-request session checks: the browser-signature check first,
# then the idle-expiry check.
#
# The expiry check is only evaluated when the signature check returns a
# truthy value, so a failed signature check short-circuits the rest.
#
# @return [Object] the signature check's result when it is falsy, otherwise
#   whatever check_session_expiry returns
def check_session
  signature_ok = check_session_browser_signature
  return signature_ok unless signature_ok

  check_session_expiry
end

#check_session_browser_signature ⇒ Object



# File 'lib/ixtlan/rails/session_timeout.rb', line 57

# Compares the browser signature stored in the session with the one computed
# for the current request, and expires the session when they differ.
#
# When no signature is stored yet, or the stored one still matches, the
# current signature is written to session[:session_browser_signature].
#
# NOTE(review): the signature comes from retrieve_browser_signature; if it is
# derived from request headers it is client-controlled, so a mismatch is a
# tamper heuristic, not proof of identity. Both values are interpolated into
# the log message as-is -- confirm the logger neutralises control characters.
#
# @return [Boolean] false when the signature changed (after logging and
#   calling expire_session), true otherwise
def check_session_browser_signature
  current = retrieve_browser_signature
  stored = session[:session_browser_signature]

  if stored.nil? || stored == current
    # First request of the session, or nothing changed: (re)assign.
    session[:session_browser_signature] = current
    return true
  end

  # Signature differs from the one the session was bound to.
  session_user_logger.log(self, "browser signature changed from #{stored} to #{current}")
  expire_session
  false
end

#check_session_expiry ⇒ Object



# File 'lib/ixtlan/rails/session_timeout.rb', line 27

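# Enforces the idle timeout kept in session[:expires_at].
#
# When a deadline is stored and already lies in the past, the timeout is
# logged and expire_session is called. Otherwise the deadline is pushed
# forward by session_timeout minutes. Because every passing check renews the
# deadline, this is an idle timeout only; no absolute session lifetime is
# enforced here.
#
# NOTE(review): the deadline lives in the session itself, so enforcement is
# only as strong as the session store's integrity protection -- confirm which
# store is configured.
#
# @return [Boolean] false when the session had expired, true when the
#   deadline was (re)assigned
def check_session_expiry
  expires_at = session[:expires_at]

  if !expires_at.nil? && expires_at < DateTime.now
    # Session has expired.
    session_user_logger.log(self, "session timeout")
    expire_session
    # Report the failure explicitly, as check_session_browser_signature does,
    # instead of leaking whatever expire_session happens to return.
    return false
  end

  # Assign a new expiry time
  session[:expires_at] = session_timeout.minutes.from_now
  true
end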

#check_session_ip_binding ⇒ Object

IP binding is not very useful in the wild, since some ISPs use a different IP for each request, i.e. a single session is seen from many IPs.



# File 'lib/ixtlan/rails/session_timeout.rb', line 41

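# Binds the session to the client address seen on its first request and
# expires the session when a later request arrives from a different address.
#
# The address is read from request.headers['REMOTE_ADDR']. ISPs that rotate
# addresses between requests will trip this check for legitimate users.
# NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the proxy's
# address, which would make all clients look alike -- confirm the deployment.
#
# @return [Boolean] false when the address changed (after logging and calling
#   expire_session), true when the address was stored or still matches
def check_session_ip_binding
  client_ip = request.headers['REMOTE_ADDR']
  bound_ip = session[:session_ip]

  if !bound_ip.nil? && bound_ip != client_ip
    # client IP has changed
    session_user_logger.log(self, "IP changed from #{bound_ip} to #{client_ip}")
    expire_session
    # Report the failure explicitly, as check_session_browser_signature does,
    # instead of leaking whatever expire_session happens to return.
    return false
  end

  # Assign client IP
  session[:session_ip] = client_ip
  true
end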

#render_session_timeout ⇒ Object



# File 'lib/ixtlan/rails/session_timeout.rb', line 77

# Produces the response for a timed-out session.
#
# HTML requests get the "sessions/login" template, with @notice defaulting to
# "session timeout" when nothing set it earlier; no :status option is passed
# to render here. XML requests get a head-only :unauthorized response.
def render_session_timeout
  respond_to do |format|
    format.html do
      @notice ||= "session timeout"
      render :template => "sessions/login"
    end
    format.xml do
      head :unauthorized
    end
  end
end

#retrieve_browser_signature ⇒ Object



# File 'lib/ixtlan/rails/session_timeout.rb', line 70

# Builds a fingerprint string for the requesting browser from four request
# headers, joined with '|' in a fixed order: User-Agent, Accept-Language,
# Accept-Encoding and Accept. A header that is absent contributes an empty
# field, because nil joins as "".
#
# Every input is supplied by the client, so the value can be reproduced by
# anyone who has seen those headers; it works as a change detector, not as a
# secret.
#
# @return [String] the '|'-joined header values
def retrieve_browser_signature
  headers = request.headers
  header_names = %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE HTTP_ACCEPT_ENCODING HTTP_ACCEPT]
  header_names.map { |name| headers[name] }.join('|')
end

#session_timeout ⇒ Object



# File 'lib/ixtlan/rails/session_timeout.rb', line 87

# Reads the session idle timeout from the CONFIG singleton.
#
# check_session_expiry calls .minutes on the result, so the configured value
# is used as a number of minutes.
#
# @return [Object] whatever CONFIG.instance.session_idle_timeout holds
def session_timeout
  config = CONFIG.instance
  config.session_idle_timeout
end