On 08/06/2012 04:32 AM, Tomas Hrcka wrote:
On Fri, 2012-08-03 at 09:25 -0400, Scott Seago wrote:
On 08/03/2012 06:16 AM, Tomáš Hrčka wrote:
I have added before filter to check if request is json and then invalidate
session manually.
Regular user activity is handled by activerecord session store timeout option.
This patch may need another revision
to set the session timeout time in configuration file, but right now I am not
sure where it should be.
There is another option to make sure all sesions ale expired is to create
delayed_job
job for periodicaly checking SessionEntity table.
I don't think the request being json is a sufficient test for backbone
-- json is also a valid request format for API calls (and at one point
we used json in some of our own UI calls for ajax stuff - although we
may not be doing that right now). I think we need to check something
more backbone-specific -- possibly inserting a query param for backbone
reqests (backbone=true or something similar).
Scott
Yes I know that is exactly what I had in mind, but appending stuff to
backbone requests is not that easy. And when the before filter catch
JSON request for API it actually does not matter because API session
have 2.minutes expiration.
Tomas
So the one edge case here would be any ajax request that uses json
wouldn't register as activity. I'm not sure if we're using json for ajax
requests now, but perhaps we could take the request param bit in
reverse. For any ui-related json call, append some variable
(non_backbone, ui_activity, or whatever) so that any request that sets
this param, don't invalidate the session.
Scott
