Sinatra 中的会话问题
我的 sinatra 应用程序使用 Rack::Session::Pool 并且工作正常。
我使用 session.clear 创建了一个注销路由,它也工作得很好。
但是(总是有这样的情况)如果用户关闭浏览器而没有单击注销按钮,则用户在重新打开浏览器时将保持登录状态。
我检查了 Firefox 中的 cookie,会话 cookie (rack.session) 仍然存在!我去了我的网站,去了另一个网站,验证了 cookie,它就在那里,关闭浏览器并再次打开它,rack.session 仍然在那里:(我的客户甚至重新启动了他的机器,他仍然登录了该网站。
如果我在 Rack::Session::Pool 中设置了 expire_date ,它有效,但随后 cookie 变得持久,我希望用户的会话在关闭浏览器时过期,无论过期日期如何(最糟糕的情况是公共计算机中的用户)。或在局域网中)
我已经为此工作了两天,我查看了机架源代码并尝试在 Rack::Session::Abstract 中设置其他变量,但到目前为止还没有成功
。将会话设置为在 5 分钟内过期以最大程度地减少问题,但这不是一个好的解决方案,因为自上次请求以来用户仍然暴露 5 分钟(如果用户没有点击注销按钮)
这是我的 cookie 配置:
app = MyApp.new
sessioned = Rack::Session::Pool.new(app,
:domain => DOMAIN,
:expire_after => 5 * 60)
run sessioned
也许我在这里遗漏了一些东西,有人知道可能是什么问题吗?或者有什么链接吗?
干杯,
乔纳斯
My sinatra application uses Rack::Session::Pool and it works fine.
I created a logout route using session.clear and it works fine as well.
But (there is always one) if the user closes the browser without clicking in the logout button the user keeps logged when he reopens the browser.
I checked the cookies in firefox and the session cookie (rack.session) still there! I went to my site, went to another site, verified the cookies and it was there, closed the browser and opened it again and the rack.session still there :( My client even rebooted his machine and he still logged in the site.
If I set the expire_date in the Rack::Session::Pool it works but then the cookie became persistent. I want the user's session to expire when he closes the browser regardless of expiration date (the worse case scenario is an user in a public computer or in a lan house).
I'm already working on this for 2 days, I looked in the rack source and I tried setting the others variables in the Rack::Session::Abstract but with no success until now.
For now I set the session to expire in 5 minutes to minimize the problem but this is not a good solution since the user still exposed for 5 minutes since his last request (if the users don't hit the logout button).
This is my cookie configuration:
app = MyApp.new
sessioned = Rack::Session::Pool.new(app,
:domain => DOMAIN,
:expire_after => 5 * 60)
run sessioned
Maybe I missing something here. Does anyone know what could be the problem? or had the same problem? Or any link?
Cheers,
Jonas
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
删除 :expire_after ,它会在浏览器关闭时停止会话的持续存在。
Remove the :expire_after and it stops the session persisting when the browser is closed.