Module: Authlogic::Session::Timeout::Config

Defined in:


Configuration for the timeout feature.

Instance Method Summary collapse

Instance Method Details

#logout_on_timeout(value = nil) ⇒ Object Also known as: logout_on_timeout=

With acts_as_authentic you get a :logged_in_timeout configuration option. If this is set, after this amount of time has passed the user will be marked as logged out. Obviously, since web based apps are on a per request basis, we have to define a time limit threshold that determines when we consider a user to be “logged out”. Meaning, if they login and then leave the website, when do mark them as logged out? I recommend just using this as a fun feature on your website or reports, giving you a ballpark number of users logged in and active. This is not meant to be a dead accurate representation of a users logged in state, since there is really no real way to do this with web based apps. Think about a user that logs in and doesn't log out. There is no action that tells you that the user isn't technically still logged in and active.

That being said, you can use that feature to require a new login if their session timesout. Similar to how financial sites work. Just set this option to true and if your record returns true for stale? then they will be required to log back in.

Lastly, UserSession.find will still return a object is the session is stale, but you will not get a record. This allows you to determine if the user needs to log back in because their session went stale, or because they just aren't logged in. Just call current_user_session.stale? as your flag.

  • Default: false

  • Accepts: Boolean

# File 'lib/authlogic/session/timeout.rb', line 50

def logout_on_timeout(value = nil)
  rw_config(:logout_on_timeout, value, false)