Ruby-on-rails 设计记住我和会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5034846/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Devise Remember Me and Sessions
提问by Arthur Frankel
I'm confused with the devise gem config settings:
我对设计 gem 配置设置感到困惑:
# The time the user will be remembered without asking for credentials again.
config.remember_for = 2.weeks
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again.
config.timeout_in = 10.minutes
I want to have a user select the "Remember Me" checkbox (i.e., keep me logged in), but the default session timeout is 10 minutes. After 10 minutes it asks me to log in again even though I have clicked "Remember me". If this is true then the remember_for is really meaningless. Obviously I'm missing something here.
我想让用户选择“记住我”复选框(即,让我保持登录状态),但默认会话超时为 10 分钟。10 分钟后,即使我点击了“记住我”,它也会要求我再次登录。如果这是真的,那么 remember_for 真的毫无意义。显然我在这里遗漏了一些东西。
采纳答案by Ryan Bigg
The timeout_inwill automatically log you out within 10 minutes of inactivity and is incompatible with the remember_mecheckbox. You can have one, but not both.
该timeout_in会自动将您注销闲置10分钟内与兼容remember_me复选框。你可以拥有一个,但不能同时拥有。
回答by douglasr
Ryan is correct in that the default Devise gem does not support both the :rememberable and :timeoutable options. However, like all things Ruby, if you don't like the decision that some other coder has made, especially when it strays from the norm that most users are likely to expect, then you can simply override it.
Ryan 是正确的,因为默认的 Devise gem 不支持 :rememberable 和 :timeoutable 选项。但是,与 Ruby 的所有事物一样,如果您不喜欢其他编码人员做出的决定,尤其是当它偏离大多数用户可能期望的规范时,那么您可以简单地覆盖它。
Thanks to a (rejected) pull requestwe can override this behaviour by adding the following code to the top of your Devise config file (/config/initializers/devise.rb):
感谢(被拒绝的)拉取请求,我们可以通过将以下代码添加到您的设计配置文件(/config/initializers/devise.rb)的顶部来覆盖此行为:
module Devise
module Models
module Timeoutable
# Checks whether the user session has expired based on configured time.
def timedout?(last_access)
return false if remember_exists_and_not_expired?
last_access && last_access <= self.class.timeout_in.ago
end
private
def remember_exists_and_not_expired?
return false unless respond_to?(:remember_expired?)
remember_created_at && !remember_expired?
end
end
end
end
This will now allow you to configure both options and have them work as you would expect.
现在,这将允许您配置两个选项并让它们按预期工作。
config.remember_for = 2.weeks
config.timeout_in = 30.minutes
回答by Rustam A. Gasanov
The information in previous answers is outdated. I've tested my project, which uses Rails 4and Devise 3.5.1and also checked devise codeto be sure.
先前答案中的信息已过时。我测试过我的项目,其用途Rails 4和Devise 3.5.1和还检查色器件代码以确保万无一失。
Now it looks whether Remember Mecheckbox was checked:
现在查看是否Remember Me选中了复选框:
if
yes, it checksif remember_exists_and_not_expired, so basically usesconfig.remember_forfor session managementif
no, it checksif last_access <= timeout_in.ago, usingconfig.timeout_incorrespondingly
如果
yes,它会检查if remember_exists_and_not_expired,所以基本上config.remember_for用于会话管理如果
no,它会检查if last_access <= timeout_in.ago,config.timeout_in相应地使用
