This article is a continuation of "Implementing Account BAN". If you like, please read that one as well.
This time I will implement a mechanism that automatically cancels the login state if the user does not access the site for a certain period of time. First, the sessions controller. The heart of this article is the session[:last_access_time] = Time.current line: it saves the current time in the session when the user logs in. The rest is a normal login process.
sessions_controller.rb
class User::SessionsController < User::Base
  def create
    # abridgement...
    if User::Authenticator.new(user_member).authenticate(@form.password)
      if user_member.suspended?
        flash.now.alert = "Account is suspended"
        render action: "new"
      else
        session[:user_member_id] = user_member.id
        # Save the current time in the session at login.
        session[:last_access_time] = Time.current
        flash.notice = "You are now logged"
        redirect_to :user_root
      end
    else
      flash.now.alert = "Incorrect email address or password"
      render action: "new"
    end
  end
end
And here is the implementation of the session timeout. This time, if there is no access for 60 minutes or more, the session will time out.
controllers/user/base.rb
# Set the timeout to 60 minutes
TIMEOUT = 60.minutes

private def check_timeout
  if current_user
    # If the last access was less than 60 minutes ago, update
    # session[:last_access_time] to the current time.
    if session[:last_access_time] >= TIMEOUT.ago
      session[:last_access_time] = Time.current
    # If the last access is not within 60 minutes, treat it as a session
    # timeout: delete the login key that was set at login from the session
    # and redirect to the top screen.
    else
      session.delete(:user_member_id)
      flash.alert = "The session has timed out."
      redirect_to :staff_login
    end
  end
end
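The comparison in check_timeout assumes session[:last_access_time] is always present and is still a Time. As an added example (not the article's code), this plain-Ruby version of the same 60-minute idle check also handles a missing value, a value that comes back as an ISO 8601 String (as happens when the session is serialized to JSON) and a timestamp in the future, and it expires the session in every doubtful case. TIMEOUT_SECONDS, parse_last_access, idle_check and expire! are hypothetical names, and a plain Hash stands in for the Rails session.

```ruby
require "time"

TIMEOUT_SECONDS = 60 * 60 # 60 minutes, as in the article
CLOCK_SKEW      = 60      # assumed tolerance for timestamps slightly ahead

# Normalise whatever the session store handed back into a Time, or nil.
def parse_last_access(raw)
  case raw
  when Time    then raw
  when Integer then Time.at(raw)
  when String  then Time.iso8601(raw)
  end
rescue ArgumentError
  nil # malformed timestamp: treat it as missing
end

# Returns :active (and refreshes the timestamp) or :expired.
# Fails closed: anything that cannot be verified counts as expired.
def idle_check(session, now: Time.now)
  last = parse_last_access(session[:last_access_time])
  return :expired if last.nil?                    # missing or unparsable
  return :expired if last > now + CLOCK_SKEW      # timestamp in the future
  return :expired if now - last > TIMEOUT_SECONDS # idle for too long

  # Store a String so the value survives JSON serialization unchanged.
  session[:last_access_time] = now.getutc.iso8601
  :active
end

# On expiry, drop every key in the session, not only the user id.
def expire!(session)
  session.clear
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2024, 1, 1, 12, 0, 0)
  # Constructed sample sessions (not real data).
  [
    { user_member_id: 1, last_access_time: "2024-01-01T11:30:00.000Z" },
    { user_member_id: 1, last_access_time: "2024-01-01T10:00:00Z" },
    { user_member_id: 1 },
    { user_member_id: 1, last_access_time: "not-a-time" }
  ].each do |s|
    result = idle_check(s, now: now)
    expire!(s) if result == :expired
    puts "#{result}: #{s.inspect}"
  end
end
```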
I was able to implement it like this. It was easier than I expected. Saving the last access time in the session is the important part, isn't it? That's all for today.
71 days to become a full-fledged engineer