module Sorcery::Controller::Submodules::SessionTimeout::InstanceMethods

Public Instance Methods

invalidate_active_sessions!() click to toggle source
# File lib/sorcery/controller/submodules/session_timeout.rb, line 34
def invalidate_active_sessions!
  return unless Config.session_timeout_invalidate_active_sessions_enabled
  return unless current_user.present?

  current_user.send(:invalidate_sessions_before=, Time.now.in_time_zone)
  current_user.save
end

Protected Instance Methods

register_login_time(_user, _credentials = nil) click to toggle source

Registers last login to be used as the timeout starting point. Runs as a hook after a successful login.

# File lib/sorcery/controller/submodules/session_timeout.rb, line 46
def register_login_time(_user, _credentials = nil)
  session[:login_time] = session[:last_action_time] = Time.now.in_time_zone
end
sorcery_session_expired?(time) click to toggle source
# File lib/sorcery/controller/submodules/session_timeout.rb, line 62
def sorcery_session_expired?(time)
  Time.now.in_time_zone - time > Config.session_timeout
end
sorcery_session_invalidated?() click to toggle source

Use login time if present, otherwise use last action time.

# File lib/sorcery/controller/submodules/session_timeout.rb, line 67
def sorcery_session_invalidated?
  return false unless Config.session_timeout_invalidate_active_sessions_enabled
  return false unless current_user.present? && current_user.try(:invalidate_sessions_before).present?

  time = session[:login_time] || session[:last_action_time] || Time.now.in_time_zone
  time < current_user.invalidate_sessions_before
end
validate_session() click to toggle source

Checks if session timeout was reached and expires the current session if so. To be used as a before_action, before require_login

# File lib/sorcery/controller/submodules/session_timeout.rb, line 52
def validate_session
  session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
  if (session_to_use && sorcery_session_expired?(session_to_use.to_time)) || sorcery_session_invalidated?
    reset_sorcery_session
    remove_instance_variable :@current_user if defined? @current_user
  else
    session[:last_action_time] = Time.now.in_time_zone
  end
end