0

I would like to build a rake task or a tool to destroy all active sessions, which is called from the CLI when I want and every night at around 9:00 pm or so.

I found that Devise has the ability to specify a timeout. I use Devise for user sessions. About a third of my users' sessions never time out, despite their system remaining inactive for over one hour.

I don't know what kind of job I need. Feedback would be a plus. Also maybe some links to documentation. Additionally, I can't figure out how to target sessions to destroy them. Rails guides and so on are not clear regarding whether it destroys one user's session or all server-client sessions. I need all client-server sessions to be de-activated. Documentation is great, but I would like a good explanation.

sawa
Crash
  • Not sure why you would want to always reset sessions at a specific time... Forcing users to remember their usernames and passwords is never a good thing. Anyway, this other question should help you out: http://stackoverflow.com/questions/16406208/how-can-i-reset-all-devise-sessions-so-every-user-has-to-login-again – Ashitaka Nov 27 '13 at 17:08
  • For a 'timecard' system. It's not about forcing them to remember their credentials, more about tracking what time they log in & out, but if they never log out, the point is lost altogether. I love the idea of changing the session, but it seems you have to actually manually change the config/initializers/session_store script. My first thought is to make a script that automatically changes it with a randomly generated key value, but then version control pretty much goes out the window. Are there any ways around that, to your knowledge? – Crash Nov 27 '13 at 19:57
  • But if you force the logout, you still don't know the actual time your users logged out. It seems to me all you really want is to track the login time. – Ashitaka Nov 27 '13 at 22:17
  • This is mostly correct. If their session is still active, a new timecard can not be generated. All sessions must be closed at the end of the day to open timecards the next day. The card tracks login time, first account completion time, lunch out & lunch in, last account completion time, total accounts completed, and logout. In the event the user doesn't log out, we go off of last account completion time. The log out is not as important as log in, but we are trying to encourage people to remember to log out. – Crash Nov 27 '13 at 22:50

2 Answers

1

You could store your secret_key in an ENV variable. In fact, you should try to keep your secret_token away from source control. So you should have an ENV variable that you can change at runtime. Like this:

YourApp::Application.config.secret_token = ENV['SECRET_TOKEN']

To create a secure token you should use SecureRandom.hex(64).

But anyway, if all you want is to track when users visit the site, you could create a before_filter that runs before certain actions. A simple example would be:

class ApplicationController < ActionController::Base
  before_filter :save_time_of_last_visit

  def save_time_of_last_visit
    current_user.touch(:last_sign_in_at) if user_signed_in?
  end
end
Ashitaka
  • I haven't yet had a chance to test this out due to a more important project having been assigned, but I believe this should be what I need. Marking this as my answer, and thanks again! – Crash Dec 13 '13 at 17:59
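
Why replacing the secret logs every user out, as an added example that is not code from the answer or from Rails: a simplified model of a signed session cookie, assuming the cookie session store. The `SignedSession` module, the JSON payload and the HMAC-SHA256 format are assumptions made for illustration, not Rails' own cookie format.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

# Simplified, constructed model of a signed cookie: "<base64 payload>--<HMAC hex>".
module SignedSession
  module_function

  def sign(session, secret)
    payload = Base64.strict_encode64(JSON.generate(session))
    "#{payload}--#{digest(payload, secret)}"
  end

  # Returns the session hash, or nil when the signature does not match.
  # The payload is only decoded after the signature has been checked.
  def verify(cookie, secret)
    payload, mac = cookie.to_s.split('--', 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_compare(mac, digest(payload, secret))
    JSON.parse(Base64.strict_decode64(payload))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  def digest(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, payload)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Returns [session accepted under the old secret, result under the new secret].
def rotation_demo
  old_secret = SecureRandom.hex(64)   # stands in for today's ENV['SECRET_TOKEN']
  cookie     = SignedSession.sign({ 'user_id' => 42 }, old_secret) # constructed sample
  new_secret = SecureRandom.hex(64)   # value a nightly job would set
  [SignedSession.verify(cookie, old_secret), SignedSession.verify(cookie, new_secret)]
end

p rotation_demo if __FILE__ == $PROGRAM_NAME
```

With the initializer shown in the answer, `ENV['SECRET_TOKEN']` is read once at boot, so a new value takes effect only after every app process has been restarted with it.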
0

If you use memcache to store the sessions you can create a cron task to restart it.

amenzhinsky