Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Using logout_on_timeout with page auto-refresh #291

Closed
jsarma opened this Issue · 1 comment

2 participants

@jsarma

Does anyone know if there's a preferred method for supporting both of the following features?

1) automatic user logout for security reasons after, say, 15 minutes

2) Periodic page refresh every minute so the user can receive timely content updates.

I've tried both meta-refresh and javascript refresh. Each auto-refresh method causes the user's last_requested_at column to be updated. This update in turn prevents session timeout due to inactivity from working.

Ideally, there would be a way to issue a 'special' periodic page request that contains a parameter that tells authlogic not to update last_updated_at.

Does anyone have ideas for how this could be done? I think this would be a very useful addition to Authlogic (which is the bomb, by the way)

Thanks everyone

Justin

@tiegz
Collaborator

@jsarma you could use the logged_in_timeout/logout_on_timeout settings for # 1 (the default is 10 minutes). I think # 2 is mostly out-of-scope for authlogic, but it is possible to define a last_request_update_allowed? method on your controller to determine if that column should be updated.

(closing, but feel free to reopen)

@tiegz tiegz closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.