On Fri, Aug 03, 2012 at 12:16:07PM +0200, Tomáš Hrčka wrote: > --- > src/app/controllers/application_controller.rb | 8 +++++++- > src/config/initializers/session_store.rb | 2 +- > src/public/javascripts/application.js | 7 ++++++- > 3 files changed, 14 insertions(+), 3 deletions(-) > > diff --git a/src/app/controllers/application_controller.rb > b/src/app/controllers/application_controller.rb > index 477b7f4..7241e52 100644 > --- a/src/app/controllers/application_controller.rb > +++ b/src/app/controllers/application_controller.rb > @@ -25,7 +25,7 @@ class ApplicationController < ActionController::Base > # FIXME: not sure what we're doing aobut service layer w/ deltacloud > include ApplicationService > helper_method :current_session, :current_user, :filter_view? > - before_filter :read_breadcrumbs, :set_locale > + before_filter :read_breadcrumbs, :set_locale, :check_session > > # General error handlers, must be in order from least specific > # to most specific > @@ -421,4 +421,10 @@ class ApplicationController < ActionController::Base > result > end > > + #before filter to invalidate session for backbone > + def check_session > + return unless request.format == :json > + logout if SessionEntity.find_by_session_id(current_session).created_at < > 15.minutes.ago > + end
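Review bot: Appending :check_session to the before_filter line in ApplicationController makes it run ahead of every action in every controller that inherits from this class, including actions that have to be reachable without a live session. Either skip it for those actions with skip_before_filter :check_session, or add a comment on this line saying that the JSON-only guard inside check_session is what limits its reach.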
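Review bot: In check_session, the result of SessionEntity.find_by_session_id(current_session) is dereferenced with .created_at without a nil check, so a JSON request with no matching row raises NoMethodError rather than being logged out or let through. Assign the lookup to a local and decide explicitly what a missing row means. Comparing created_at with 15.minutes.ago also bounds the total age of the session rather than its idle time; if that is intended, the comment above the method should say so.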
Sadly, I've got to NACK this. I encountered an exception where the Backbone JSON requests weren't finding a SessionEntity, so the controller was failing with "undefined method `created_at' for nil:NilClass" on the "logout if..." line above.

I rewrote it, to do the SessionEntity.find_by_session_id(current_session) lookup separately, and then to log the user out if it was nil _or_ if it was older than 15 minutes. But this was matching immediately, so the first Backbone request (after 30 seconds or so) would log you out.

Without giving it too much thought, I instinctively flipped the conditional around -- log out if session_entity was present and older than 15 minutes. But the first condition was always false for Backbone requests, so it got us the old "Backbone requests keep your session active indefinitely" problem again.

We'll need to dig a bit deeper to figure out why we're not finding a SessionEntity on Backbone requests... That seems strange to me. But it's keeping this from working quite as intended.

Incidentally, I set out to verify that https://bugzilla.redhat.com/show_bug.cgi?id=798960 was fixed by this patch, and it is -- when the user is logged out, they are always taken back to the login page now. But that's when I discovered that the logout wasn't actually working quite as intended.

-- Matt
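The three forms of the check discussed in this thread, evaluated against the three possible lookup results, as an added example that is not code from the patch or from the reply. SessionRecord is a hypothetical stand-in for a SessionEntity row, the lookup result is passed in directly, and plain Time arithmetic replaces 15.minutes.ago.

```ruby
# Added illustration. SessionRecord is a hypothetical stand-in for a
# SessionEntity row; nil models a lookup that found no row.
SessionRecord = Struct.new(:created_at)

TIMEOUT = 15 * 60 # seconds, the 15-minute limit used in the patch

# Form in the patch: dereferences the lookup result without a nil check.
def logout_original?(entity, now)
  entity.created_at < now - TIMEOUT
end

# First rewrite described in the reply: missing row OR too old.
def logout_nil_or_old?(entity, now)
  entity.nil? || entity.created_at < now - TIMEOUT
end

# Second rewrite described in the reply: row present AND too old.
def logout_present_and_old?(entity, now)
  !entity.nil? && entity.created_at < now - TIMEOUT
end

# Evaluate all three forms for one lookup outcome.
def outcomes(entity, now)
  original = begin
    logout_original?(entity, now)
  rescue NoMethodError
    :exception # nil has no created_at, as in the reported failure
  end
  { original: original,
    nil_or_old: logout_nil_or_old?(entity, now),
    present_and_old: logout_present_and_old?(entity, now) }
end

NOW = Time.at(1_343_988_967) # constructed fixed clock for repeatable output
CASES = {
  missing: nil,                            # no row found
  fresh: SessionRecord.new(NOW - 30),      # created 30 seconds ago
  stale: SessionRecord.new(NOW - 20 * 60)  # created 20 minutes ago
}

CASES.each { |name, entity| puts "#{name}: #{outcomes(entity, NOW)}" }
```

The missing-row case is the only one where the three forms disagree, so the behaviour on Backbone requests is decided by why the lookup returns nil there.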
