timeout and single_access_token don't work together #64

skippy opened this Issue Nov 5, 2009 · 8 comments


None yet
7 participants

skippy commented Nov 5, 2009


if you have the timeout logic enabled as well as the column 'last_request_at', then a single_access_token will be flagged as 'stale' because logged_out will return true (which is because last_request_at is not set or is old).

to fix this, one needs to replace (in lib/session/timeout.rb)

      before_persisting :reset_stale_state
      after_persisting :enforce_timeout


      before_persisting :reset_stale_state, :unless => :single_access?
      after_persisting :enforce_timeout,    :unless => :single_access?


mwhuss commented Aug 25, 2010

+1 I am having this exact same issue.

mhaley commented Sep 27, 2010

If you just want to fix the problem in your app you can modify your UserSession model like so:
class UserSession < Authlogic::Session::Base
before_persisting :reset_stale_state, :unless => :single_access?
after_persisting :enforce_timeout, :unless => :single_access?

danieli commented Jul 27, 2011

I tried mhaley's way of fixing the problem in app, by modifying UserSession, and the single access token works but then logout on timeout stops working. Using authlogic 3.0.3. Any ideas?

Also having this same issue.

I went ahead and extended Authlogic's stale? method so that it does not see requests as stale? if accessing via single_access?. This keeps logic for logout_on_timeout intact.

class UserSession < Authlogic::Session::Base
  logout_on_timeout true

  def stale?
    return false if single_access?

jaredbeck commented Dec 25, 2016

Closing due to lack of activity. If this is still an issue in the latest version of authlogic (currently 3.5) please let us know and we'll be happy to reopen.

@jaredbeck jaredbeck closed this Dec 25, 2016

Lauch commented Oct 3, 2017

Still happens in version 3.6. I would really appreciate documentation for this behaviour or a configuration option. (Workaround provided by @jgdreyes also still works).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment