ixtlan-session-timeout 0.1.0

data/README.textile

@@ -0,0 +1,42 @@
+h1. Rails Idle Session Timeout
+
+p. when you deal with privacy related data during a session then it is important to timeout these session since it happens to often that a session stays open. there a lot of examples how to "reuse" an open session.
+
+p. sometimes it is nessecary to have different timeout for different parts of the system. you can do this with
+
+bc. class MyController
+  def session_idle_timeout
+    Configuration.instance.user_idle_session_timeout
+  end
+  . . . 
+end 
+
+p. or you want to bind your admin session to the IP of the admin:
+
+bc. class MyAdminController
+  before_filter :check_session_ip_binding  
+  . . . 
+end 
+
+p. or you do not want any session timeout
+
+bc. class MyAdminController
+  skip_before_filter :check_session_expiry
+  . . . 
+end 
+
+h2. install
+
+p. in Gemfile add *gem 'ixtlan-session-timeout'*
+
+p. for the configuration add for example in _config/initializers/session-timeout.rb_. without that the default idle timeout is 5 minutes.
+
+bc. Rails.application.config.idle_session_timeout = 30 #minutes
+
+h2. relation to ixtlan gem
+
+p. the ixtlan gem provides a setup generator which adds configuration examples for this gem in _config/initializer/ixtlan.rb_ (the dynamic configuration is part of the ixtlan gem and it is just easier to keep that inside that gem !!!)
+
+h2. relation to ixtlan-audit gem
+
+p. if that gem is present and loaded than any timeout will be log with the help of _Ixtlan::Audit::UserLogger_

data/features/generators.feature

@@ -0,0 +1,5 @@
+Feature: Generators for Ixtlan Audit
+
+  Scenario: The slf4r rails template creates a rails application which uses slf4r-wrapper
+    Given I create new rails application with template "simple.template"
+    Then the output should contain "setup slf4r logger wrapper with ActiveSupport::BufferedLogger"

data/features/step_definitions/simple_steps.rb

@@ -0,0 +1,22 @@
+require 'fileutils'
+Given /^I create new rails application with template "(.*)"$/ do |template|
+  name = template.sub(/.template$/, '')
+  directory = File.join('target', name)
+  rails_version = ENV['RAILS_VERSION'] || '3.0.1'
+
+  ruby = defined?(JRUBY_VERSION) ? "jruby" : "ruby"
+  rails_command = "#{ENV['GEM_HOME']}/bin/rails"
+  rails_command = "-S rails" unless File.exists?(rails_command)
+  command = "#{rails_command} _#{rails_version}_ new #{directory} -f -m templates/#{template}"
+  FileUtils.rm_rf(directory)
+
+  system "#{ruby} #{command}"
+  
+  @result = File.read("target/#{name}/log/development.log")
+  puts @result
+end
+
+Then /^the output should contain \"(.*)\"$/ do |expected|
+  (@result =~ /.*#{expected}.*/).should_not be_nil
+end
+

data/lib/ixtlan/sessions/railtie.rb

@@ -0,0 +1,20 @@
+require 'rails'
+require 'ixtlan/sessions/timeout'
+
+module Ixtlan
+  module Sessions
+    class Railtie < Rails::Railtie
+
+      config.before_configuration do |app|
+        app.config.class.class_eval do
+          attr_accessor :idle_session_timeout
+        end
+        app.config.idle_session_timeout = 5 #minutes
+      end
+      
+      config.after_initialize do |app|
+        ::ActionController::Base.send(:include, Ixtlan::Sessions::Timeout)
+      end
+    end
+  end
+end

data/lib/ixtlan/sessions/timeout.rb

@@ -0,0 +1,94 @@
+module Ixtlan
+  module Sessions
+    module Timeout
+      private
+
+      if defined? Ixtlan::Audit
+        def session_user_logger
+          @session_user_logger ||= Ixtlan::Audit::UserLogger.new(Rails.application.config.audit_manager)
+        end
+        
+        def session_log(message)
+          session_user_logger.log(self, message)
+        end
+      else
+        def session_log(message)
+          logger.debug(message)
+        end
+      end
+      
+      def expire_session
+        session.clear
+        #      reset_session
+        session_timeout
+        return false
+      end
+      
+      protected
+      
+      def check_session_expiry
+        if !session[:expires_at].nil? and session[:expires_at] < DateTime.now
+          # Session has expired.
+          session_log("session timeout")
+          expire_session
+        else
+          # Assign a new expiry time
+          session[:expires_at] = session_idle_timeout.minutes.from_now
+          return true
+        end
+      end
+      
+      # IP binding is not very useful in the wild since some ISP use 
+      # a different IP for each request, i.e. the session uses many IPs
+      def check_session_ip_binding
+        if !session[:session_ip].nil? and session[:session_ip] != request.headers['REMOTE_ADDR']
+          # client IP has changed
+          session_log("IP changed from #{session[:session_ip]} to #{request.headers['REMOTE_ADDR']}")
+          expire_session
+        else
+          # Assign client IP
+          session[:session_ip] = request.headers['REMOTE_ADDR']
+          return true
+        end
+      end
+      
+      def check_session
+        check_session_browser_signature && check_session_expiry
+      end
+      
+      def check_session_browser_signature
+        if !session[:session_browser_signature].nil? and session[:session_browser_signature] != retrieve_browser_signature
+          # browser signature has changed
+          session_log("browser signature changed from #{session[:session_browser_signature]} to #{retrieve_browser_signature}")
+          expire_session
+          return false
+        else
+          # Assign a browser signature
+          session[:session_browser_signature] = retrieve_browser_signature
+          return true
+        end
+      end
+      
+      def retrieve_browser_signature
+        [request.headers['HTTP_USER_AGENT'],
+         request.headers['HTTP_ACCEPT_LANGUAGE'],
+         request.headers['HTTP_ACCEPT_ENCODING'],
+         request.headers['HTTP_ACCEPT']].join('|')
+      end
+      
+      def session_timeout
+        respond_to do |format|
+          format.html {
+            @notice = "session timeout" unless @notice
+            redirect_to ""
+          }
+          format.xml { head :unauthorized }
+        end
+      end
+      
+      def session_idle_timeout
+        Rails.configuration.idle_session_timeout
+      end
+    end
+  end
+end

data/lib/ixtlan-session-timeout.rb

@@ -0,0 +1,3 @@
+if defined?(Rails)
+  require 'ixtlan/sessions/railtie'
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification 
+name: ixtlan-session-timeout
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+    - 0
+    - 1
+    - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+  - mkristian
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-03-01 00:00:00 +05:30
+default_executable: 
+dependencies: 
+  - !ruby/object:Gem::Dependency 
+    name: rails
+    prerelease: false
+    requirement: &id001 !ruby/object:Gem::Requirement 
+      requirements: 
+        - - "="
+          - !ruby/object:Gem::Version 
+            segments: 
+              - 3
+              - 0
+              - 1
+            version: 3.0.1
+    type: :development
+    version_requirements: *id001
+  - !ruby/object:Gem::Dependency 
+    name: rspec
+    prerelease: false
+    requirement: &id002 !ruby/object:Gem::Requirement 
+      requirements: 
+        - - "="
+          - !ruby/object:Gem::Version 
+            segments: 
+              - 2
+              - 0
+              - 1
+            version: 2.0.1
+    type: :development
+    version_requirements: *id002
+  - !ruby/object:Gem::Dependency 
+    name: cucumber
+    prerelease: false
+    requirement: &id003 !ruby/object:Gem::Requirement 
+      requirements: 
+        - - "="
+          - !ruby/object:Gem::Version 
+            segments: 
+              - 0
+              - 9
+              - 4
+            version: 0.9.4
+    type: :development
+    version_requirements: *id003
+  - !ruby/object:Gem::Dependency 
+    name: rake
+    prerelease: false
+    requirement: &id004 !ruby/object:Gem::Requirement 
+      requirements: 
+        - - "="
+          - !ruby/object:Gem::Version 
+            segments: 
+              - 0
+              - 8
+              - 7
+            version: 0.8.7
+    type: :development
+    version_requirements: *id004
+description: idle session timeout for rails on a per controller base
+email: 
+  - m.kristian@web.de
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+  - README.textile
+  - features/step_definitions/simple_steps.rb
+  - features/generators.feature
+  - lib/ixtlan-session-timeout.rb
+  - lib/ixtlan/sessions/timeout.rb
+  - lib/ixtlan/sessions/railtie.rb
+has_rdoc: true
+homepage: http://github.com/mkristian/ixtlan-session-timeout
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+  - --main
+  - README.textile
+require_paths: 
+  - lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+          - 0
+        version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+          - 0
+        version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: idle session timeout on a per controller base
+test_files: []
+