Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated_at only changes after post or delete #98

Open
iamdriz opened this issue Jan 18, 2017 · 1 comment
Open

updated_at only changes after post or delete #98

iamdriz opened this issue Jan 18, 2017 · 1 comment

Comments

@iamdriz
Copy link

iamdriz commented Jan 18, 2017
edited

I've noticed that the sessions' updated_at column only changes when doing a POST or DELETE. If you just navigate around your app (so just doing GET requests) the session updated_at doesn't change to the current time. This means you can't see when the user last made a request, and so you can't delete sessions from the database that are older than the expiration time set in session_store.

My solution to this was to add a method to my ApplicationController:

def update_session
  current_session = Session.where(session_id: request.session_options[:id]).first
  current_session.update(:updated_at => Time.now) if current_session.present?
end

That I call in the before_action so that it updates the session whenever a user makes any request!
@iamdriz iamdriz mentioned this issue Jan 18, 2017
Closed
@rafaelfranca
Copy link
Member

rafaelfranca commented May 11, 2017
edited

I think it is because POST and DELETE requests change the session to log the CSRF token. If your GET request changes the session does it also update it in the database?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rafaelfranca @iamdriz