Devise remember me and sessions

Posted on 2024-10-18 02:45:30, 462 words, 4 views, 0 comments

I'm confused with the devise gem config settings:

  # The time the user will be remembered without asking for credentials again.
  config.remember_for = 2.weeks

  # The time you want to timeout the user session without activity. After this
  # time the user will be asked for credentials again.
  config.timeout_in = 10.minutes

I want to have a user select the "Remember Me" checkbox (i.e., keep me logged in), but the default session timeout is 10 minutes. After 10 minutes it asks me to log in again even though I have clicked "Remember me". If this is true then the remember_for is really meaningless. Obviously I'm missing something here.

Comments (3)

走野 2024-10-25 02:45:31

Ryan is correct in that the default Devise gem does not support both the :rememberable and :timeoutable options. However, like all things Ruby, if you don't like the decision that some other coder has made, especially when it strays from the norm that most users are likely to expect, then you can simply override it.

Thanks to a (rejected) pull request we can override this behaviour by adding the following code to the top of your Devise config file (/config/initializers/devise.rb):

module Devise
  module Models
    module Timeoutable
      # Checks whether the user session has expired based on configured time.
      def timedout?(last_access)
        return false if remember_exists_and_not_expired?
        last_access && last_access <= self.class.timeout_in.ago
      end

      private

      def remember_exists_and_not_expired?
        return false unless respond_to?(:remember_expired?)
        remember_created_at && !remember_expired?
      end
    end
  end
end

This will now allow you to configure both options and have them work as you would expect.

config.remember_for = 2.weeks
config.timeout_in = 30.minutes

找回味觉 2024-10-25 02:45:31

The timeout_in will automatically log you out within 10 minutes of inactivity and is incompatible with the remember_me checkbox. You can have one, but not both.

当爱已成负担 2024-10-25 02:45:31

The information in previous answers is outdated. I've tested my project, which uses Rails 4 and Devise 3.5.1 and also checked devise code to be sure.

Now it looks at whether the Remember Me checkbox was checked:

  • if yes, it checks if remember_exists_and_not_expired, so basically uses config.remember_for for session management

  • if no, it checks if last_access <= timeout_in.ago, using config.timeout_in correspondingly
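
The decision described in the answers above, modelled in plain Ruby as an added example (not code from Devise or from any of the posts). It reuses the question's `remember_for` and `timeout_in` values; `SessionState`, `remember_active?`, `unattended_window` and `report` are hypothetical names and all timestamps are constructed. It shows that while a remember-me is unexpired, the idle timeout no longer bounds how long an unattended browser stays signed in.

```ruby
# Plain-Ruby model of the check (no Devise or Rails needed).
# All times are integer epoch seconds; durations are seconds.
REMEMBER_FOR = 14 * 24 * 3600   # config.remember_for = 2.weeks
TIMEOUT_IN   = 10 * 60          # config.timeout_in   = 10.minutes

# Hypothetical stand-in for the state the check reads.
SessionState = Struct.new(:last_access, :remember_created_at)

# True while a remember-me exists and remember_for has not elapsed.
def remember_active?(state, now)
  created = state.remember_created_at
  !created.nil? && now < created + REMEMBER_FOR
end

# Same shape as timedout? on the page: remember-me wins over idle timeout.
def timedout?(state, now)
  return false if remember_active?(state, now)
  !state.last_access.nil? && state.last_access <= now - TIMEOUT_IN
end

# Seconds an untouched browser remains signed in, counted from `now`.
def unattended_window(state, now)
  idle_left = [state.last_access + TIMEOUT_IN - now, 0].max
  return idle_left unless remember_active?(state, now)
  [idle_left, state.remember_created_at + REMEMBER_FOR - now].max
end

NOW = Time.utc(2024, 10, 25, 12, 0, 0).to_i   # constructed reference time
DAY = 24 * 3600

# Constructed scenarios: label => state
SCENARIOS = {
  "no remember-me, idle 11 min"          => SessionState.new(NOW - 660, nil),
  "remember-me 1 day old, idle 11 min"   => SessionState.new(NOW - 660, NOW - DAY),
  "remember-me 15 days old, idle 11 min" => SessionState.new(NOW - 660, NOW - 15 * DAY),
  "no remember-me, idle 5 min"           => SessionState.new(NOW - 300, nil)
}.freeze

# Returns [label, timed_out, unattended_seconds] for every scenario.
def report(now)
  SCENARIOS.map { |label, s| [label, timedout?(s, now), unattended_window(s, now)] }
end

report(NOW).each do |label, out, window|
  puts format("%-38s timed_out=%-5s unattended_window=%ds", label, out, window)
end
```
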
