heartcombo--devise/lib/devise/hooks/timeoutable.rb

# Each time a record is set we check whether its session has already timed out
# or not, based on last request time. If so, the record is logged out and
# redirected to the sign in page. Also, each time the request comes and the
# record is set, we set the last request time inside its scoped session to
# verify timeout in the following request.
Warden::Manager.after_set_user do |record, warden, options|
  scope = options[:scope]
  env   = warden.request.env

  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
    last_request_at = warden.session(scope)['last_request_at']

    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
      warden.logout(scope)
      if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
        record.reset_authentication_token!
      end
      throw :warden, :scope => scope, :message => :timeout
    end

    unless env['devise.skip_trackable']
      warden.session(scope)['last_request_at'] = Time.now.utc
    end
  end
end
Move remember_me hook inside strategies. 2010-03-31 15:43:19 -04:00			`# Each time a record is set we check whether its session has already timed out`
Improving docs about timeoutable 2009-11-22 20:29:03 -05:00			`# or not, based on last request time. If so, the record is logged out and`
			`# redirected to the sign in page. Also, each time the request comes and the`
Fix usage of "its" / "it's" in documentation 2011-08-16 16:06:13 -04:00			`# record is set, we set the last request time inside its scoped session to`
Improving docs about timeoutable 2009-11-22 20:29:03 -05:00			`# verify timeout in the following request.`
Introducing timeoutable to timeout sessions without activity. 2009-11-22 19:19:29 -05:00			`Warden::Manager.after_set_user do \|record, warden, options\|`
Added trackable for sign_in_count, sign_in_at and sign_in_ip. 2009-11-24 12:18:42 -05:00			`scope = options[:scope]`
Do not trigger timeout on sign in related actions 2012-06-16 07:24:07 -04:00			`env = warden.request.env`
Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 06:39:20 -04:00
Preventing timeoutable from interfering with stateless tokens. Signed-off-by: José Valim <jose.valim@gmail.com> 2011-02-14 10:45:00 -05:00			`if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false`
Added trackable for sign_in_count, sign_in_at and sign_in_ip. 2009-11-24 12:18:42 -05:00			`last_request_at = warden.session(scope)['last_request_at']`
Bring rememberable back. 2010-01-14 09:47:14 -05:00
Do not trigger timeout on sign in related actions 2012-06-16 07:24:07 -04:00			`if record.timedout?(last_request_at) && !env['devise.skip_timeout']`
Removing signed_out path workaround 2012-02-16 11:40:34 -05:00			`warden.logout(scope)`
Timeout does not explode when reset_authentication_token! is accidentally defined by Active Model 2012-06-16 08:04:29 -04:00			`if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout`
			`record.reset_authentication_token!`
			`end`
Removing signed_out path workaround 2012-02-16 11:40:34 -05:00			`throw :warden, :scope => scope, :message => :timeout`
Introducing timeoutable to timeout sessions without activity. 2009-11-22 19:19:29 -05:00			`end`
Bring rememberable back. 2010-01-14 09:47:14 -05:00
Do not trigger timeout on sign in related actions 2012-06-16 07:24:07 -04:00			`unless env['devise.skip_trackable']`
Timeoutable also skips tracking if skip_trackable is given 2011-10-25 12:43:34 -04:00			`warden.session(scope)['last_request_at'] = Time.now.utc`
			`end`
Introducing timeoutable to timeout sessions without activity. 2009-11-22 19:19:29 -05:00			`end`
			`end`