ixtlan-session-timeout 0.1.0
- data/README.textile +42 -0
- data/features/generators.feature +5 -0
- data/features/step_definitions/simple_steps.rb +22 -0
- data/lib/ixtlan/sessions/railtie.rb +20 -0
- data/lib/ixtlan/sessions/timeout.rb +94 -0
- data/lib/ixtlan-session-timeout.rb +3 -0
- metadata +124 -0
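--- a/data/README.textile
+++ b/data/README.textile
@@ -0,0 +1,42 @@
+h1. Rails Idle Session Timeout
+
+p. when you deal with privacy related data during a session then it is important to timeout these session since it happens to often that a session stays open. there a lot of examples how to "reuse" an open session.
+
+p. sometimes it is nessecary to have different timeout for different parts of the system. you can do this with
+
+bc. class MyController
+def session_idle_timeout
+Configuration.instance.user_idle_session_timeout
+end
+. . .
+end
+
+p. or you want to bind your admin session to the IP of the admin:
+
+bc. class MyAdminController
+before_filter :check_session_ip_binding
+. . .
+end
+
+p. or you do not want any session timeout
+
+bc. class MyAdminController
+skip_before_filter :check_session_expiry
+. . .
+end
+
+h2. install
+
+p. in Gemfile add *gem 'ixtlan-session-timeout'*
+
+p. for the configuration add for example in _config/initializers/session-timeout.rb_. without that the default idle timeout is 5 minutes.
+
+bc. Rails.application.config.idle_session_timeout = 30 #minutes
+
+h2. relation to ixtlan gem
+
+p. the ixtlan gem provides a setup generator which adds configuration examples for this gem in _config/initializer/ixtlan.rb_ (the dynamic configuration is part of the ixtlan gem and it is just easier to keep that inside that gem !!!)
+
+h2. relation to ixtlan-audit gem
+
+p. if that gem is present and loaded than any timeout will be log with the help of _Ixtlan::Audit::UserLogger_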
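--- a/data/features/generators.feature
+++ b/data/features/generators.feature
@@ -0,0 +1,5 @@
+Feature: Generators for Ixtlan Audit
+
+Scenario: The slf4r rails template creates a rails application which uses slf4r-wrapper
+Given I create new rails application with template "simple.template"
+Then the output should contain "setup slf4r logger wrapper with ActiveSupport::BufferedLogger"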
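--- a/data/features/step_definitions/simple_steps.rb
+++ b/data/features/step_definitions/simple_steps.rb
@@ -0,0 +1,22 @@
+require 'fileutils'
+Given /^I create new rails application with template "(.*)"$/ do |template|
+name = template.sub(/.template$/, '')
+directory = File.join('target', name)
+rails_version = ENV['RAILS_VERSION'] || '3.0.1'
+
+ruby = defined?(JRUBY_VERSION) ? "jruby" : "ruby"
+rails_command = "#{ENV['GEM_HOME']}/bin/rails"
+rails_command = "-S rails" unless File.exists?(rails_command)
+command = "#{rails_command} _#{rails_version}_ new #{directory} -f -m templates/#{template}"
+FileUtils.rm_rf(directory)
+
+system "#{ruby} #{command}"
+
+@result = File.read("target/#{name}/log/development.log")
+puts @result
+end
+
+Then /^the output should contain \"(.*)\"$/ do |expected|
+(@result =~ /.*#{expected}.*/).should_not be_nil
+end
+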
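Review bot: `File.exists?` in the first step body is the deprecated alias that later Rubies remove; `File.exist?(rails_command)` is the form that keeps working. The command is also assembled as one shell string from `ENV['GEM_HOME']`, `ENV['RAILS_VERSION']` and the template name and then run through `system "#{ruby} #{command}"`, so any shell metacharacter in those values is interpreted by the shell; passing an argument list, `system(ruby, rails_command, "_#{rails_version}_", "new", directory, "-f", "-m", "templates/#{template}")`, keeps each piece a literal argument (the `"-S rails"` fallback would then have to become two elements). In the `Then` step, `expected` is interpolated into a regexp unescaped, so a value containing regexp syntax can match the wrong thing or raise; `@result.should include(expected)` or `Regexp.escape(expected)` expresses the intended substring check. The `system` return value is not checked either, so a failed generator run only surfaces later as a missing log file.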
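--- a/data/lib/ixtlan/sessions/railtie.rb
+++ b/data/lib/ixtlan/sessions/railtie.rb
@@ -0,0 +1,20 @@
+require 'rails'
+require 'ixtlan/sessions/timeout'
+
+module Ixtlan
+module Sessions
+class Railtie < Rails::Railtie
+
+config.before_configuration do |app|
+app.config.class.class_eval do
+attr_accessor :idle_session_timeout
+end
+app.config.idle_session_timeout = 5 #minutes
+end
+
+config.after_initialize do |app|
+::ActionController::Base.send(:include, Ixtlan::Sessions::Timeout)
+end
+end
+end
+end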
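Review bot: The `after_initialize` block includes `Ixtlan::Sessions::Timeout` into every controller but registers no filter, so nothing is enforced unless the host application itself declares `before_filter :check_session` (or one of the individual checks); the README only shows how to skip the filter, so a comment on that line such as `# inclusion alone enforces nothing: controllers must add before_filter :check_session` would save the next reader that discovery. Referencing `::ActionController::Base` from `after_initialize` also loads that class eagerly; Rails 3.0 already provides `ActiveSupport.on_load(:action_controller) { include Ixtlan::Sessions::Timeout }`, which defers the include until the class is actually loaded. The 5-minute default assigned in `before_configuration` is presumably meant to be overridden by an initializer, and the `#minutes` comment would be clearer as `# default idle timeout in minutes; overridable from config/initializers`.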
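--- a/data/lib/ixtlan/sessions/timeout.rb
+++ b/data/lib/ixtlan/sessions/timeout.rb
@@ -0,0 +1,94 @@
+module Ixtlan
+module Sessions
+module Timeout
+private
+
+if defined? Ixtlan::Audit
+def session_user_logger
+@session_user_logger ||= Ixtlan::Audit::UserLogger.new(Rails.application.config.audit_manager)
+end
+
+def session_log(message)
+session_user_logger.log(self, message)
+end
+else
+def session_log(message)
+logger.debug(message)
+end
+end
+
+def expire_session
+session.clear
+# reset_session
+session_timeout
+return false
+end
+
+protected
+
+def check_session_expiry
+if !session[:expires_at].nil? and session[:expires_at] < DateTime.now
+# Session has expired.
+session_log("session timeout")
+expire_session
+else
+# Assign a new expiry time
+session[:expires_at] = session_idle_timeout.minutes.from_now
+return true
+end
+end
+
+# IP binding is not very useful in the wild since some ISP use
+# a different IP for each request, i.e. the session uses many IPs
+def check_session_ip_binding
+if !session[:session_ip].nil? and session[:session_ip] != request.headers['REMOTE_ADDR']
+# client IP has changed
+session_log("IP changed from #{session[:session_ip]} to #{request.headers['REMOTE_ADDR']}")
+expire_session
+else
+# Assign client IP
+session[:session_ip] = request.headers['REMOTE_ADDR']
+return true
+end
+end
+
+def check_session
+check_session_browser_signature && check_session_expiry
+end
+
+def check_session_browser_signature
+if !session[:session_browser_signature].nil? and session[:session_browser_signature] != retrieve_browser_signature
+# browser signature has changed
+session_log("browser signature changed from #{session[:session_browser_signature]} to #{retrieve_browser_signature}")
+expire_session
+return false
+else
+# Assign a browser signature
+session[:session_browser_signature] = retrieve_browser_signature
+return true
+end
+end
+
+def retrieve_browser_signature
+[request.headers['HTTP_USER_AGENT'],
+request.headers['HTTP_ACCEPT_LANGUAGE'],
+request.headers['HTTP_ACCEPT_ENCODING'],
+request.headers['HTTP_ACCEPT']].join('|')
+end
+
+def session_timeout
+respond_to do |format|
+format.html {
+@notice = "session timeout" unless @notice
+redirect_to ""
+}
+format.xml { head :unauthorized }
+end
+end
+
+def session_idle_timeout
+Rails.configuration.idle_session_timeout
+end
+end
+end
+end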
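Review bot: `expire_session` only calls `session.clear` and leaves `reset_session` commented out, so the session id survives the timeout and the same cookie stays valid for the next request; rotating the id is the conventional way to close a timed-out or mismatched session and also narrows session-fixation exposure, so `session.clear` followed by `reset_session` (or `reset_session` alone, which discards the contents too) is the line to restore. In `session_timeout`, `@notice` is assigned immediately before `redirect_to ""`, but an instance variable does not survive a redirect, so the message is never displayed; `flash[:notice] ||= "session timeout"` is presumably what was intended, and `redirect_to "/"` states explicitly the location the empty string resolves to. `check_session_ip_binding` compares `request.headers['REMOTE_ADDR']`, the address of the immediate peer, so behind a reverse proxy every client shares the proxy's address and the binding silently becomes a no-op — worth adding to the existing comment above the method, e.g. `# compares the direct peer address only; behind a proxy all clients look identical`. The `if defined? Ixtlan::Audit` branch is evaluated once at load time, so whether timeouts reach the audit logger or only `logger.debug` depends on require order, which a short comment on that line should state. The `!session[...].nil? and …` conditions would also read better as guard clauses using `&&`.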
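--- a/metadata
+++ b/metadata
@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification
+name: ixtlan-session-timeout
+version: !ruby/object:Gem::Version
+prerelease: false
+segments:
+- 0
+- 1
+- 0
+version: 0.1.0
+platform: ruby
+authors:
+- mkristian
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-03-01 00:00:00 +05:30
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+requirements:
+- - "="
+- !ruby/object:Gem::Version
+segments:
+- 3
+- 0
+- 1
+version: 3.0.1
+type: :development
+version_requirements: *id001
+- !ruby/object:Gem::Dependency
+name: rspec
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
+requirements:
+- - "="
+- !ruby/object:Gem::Version
+segments:
+- 2
+- 0
+- 1
+version: 2.0.1
+type: :development
+version_requirements: *id002
+- !ruby/object:Gem::Dependency
+name: cucumber
+prerelease: false
+requirement: &id003 !ruby/object:Gem::Requirement
+requirements:
+- - "="
+- !ruby/object:Gem::Version
+segments:
+- 0
+- 9
+- 4
+version: 0.9.4
+type: :development
+version_requirements: *id003
+- !ruby/object:Gem::Dependency
+name: rake
+prerelease: false
+requirement: &id004 !ruby/object:Gem::Requirement
+requirements:
+- - "="
+- !ruby/object:Gem::Version
+segments:
+- 0
+- 8
+- 7
+version: 0.8.7
+type: :development
+version_requirements: *id004
+description: idle session timeout for rails on a per controller base
+email:
+- m.kristian@web.de
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- README.textile
+- features/step_definitions/simple_steps.rb
+- features/generators.feature
+- lib/ixtlan-session-timeout.rb
+- lib/ixtlan/sessions/timeout.rb
+- lib/ixtlan/sessions/railtie.rb
+has_rdoc: true
+homepage: http://github.com/mkristian/ixtlan-session-timeout
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --main
+- README.textile
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.6
+signing_key:
+specification_version: 3
+summary: idle session timeout on a per controller base
+test_files: []
+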