limited_sessions 4.1.0 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a14e5b8ce5202da6e1452b2841774f4cdae0d57d
-  data.tar.gz: e075a3d2ce01c91352a926be7ec5b9952ccca9fb
+  metadata.gz: 72435a434d8e6fb836b3aa85fb4d53d5e09032ad
+  data.tar.gz: 8344fca106d43399d81d71aeb30d2b1fbf4c450a
 SHA512:
-  metadata.gz: c3b6973575a2129f8065448e7e9d96ee8dec26f8294d2c143d3c0d2af246d85c90e7909366f59a6dc1472c9912eaba79a79beca2fcabafeee589160888cb3c49
-  data.tar.gz: 71fb03540633023b30fe6bdcc53ac79143f66b25cab453fc57bf5f3c1ed1c32049c594bcf976d1d25eb028db7bde8be7a0afbfa76e77138ecd1ec21e8a0be35e
+  metadata.gz: 353a235142ff978cf4fae93899d3d64af32dec47fbdef58e7045d47dc7842c9a51b1dfa2f1e2b5407ee309efa0bf6bc535dd45aeb91457b07f04955d3346a7b5
+  data.tar.gz: b7aefc332194cc4176ed4322325d20ba41715de602f5e28e3f43a020e69307770e3160359ea1545e86fb2a4b95c759bb7f14b56a8cda8d3b4a867f3b0ce2e433

data/CHANGELOG

@@ -1,3 +1,9 @@
+* 2017-may-22 - v4.2.0
+
+  - Fixed ActiveRecord session cleanup on Rails 5.1
+  - Prevent ActiveRecord session cleanup from possibly running more often than
+    configured due to Rails loading sessions more than once per request.
+
 * 2016-feb-12 - v4.1.0
 
   - Support Rails 5.0 & Rack 2.0

data/README

@@ -1,6 +1,6 @@
 LimitedSessions
 ===============
-Copyright 2007-2013 t.e.morgan.
+Copyright 2007-2017 t.e.morgan.
 License: MIT
 
 Updates/info: http://iprog.com/projects#limited_sessions
@@ -10,23 +10,27 @@ Contact: tm@iprog.com
 
 LimitedSessions provides two distinct features, each in a separate part:
   * Rack-compatible middleware that expires sessions based on inactivity or
-    maximum session length. This works with Rails 4 just fine.
-  * Rails 4 extension to the (now separate) ActiveRecord Session Store to
+    maximum session length. The middleware supports any session storage type,
+    including cookies, Redis, ActiveRecord, etc.
+  * Rails 4+ extension to the (now separate) ActiveRecord Session Store to
     auto-cleanup stale session records.
 
 
 Notes on Rails and Rack versions:
   The middleware should be compatible with any framework using a recent
-  version of Rack. It was tested with Rack 1.5 and Rails 4.0.
+  version of Rack. It was tested with Rack 1.5 on Rails 4.2 and Rack 2.0 on
+  Rails 5.0 and 5.1.
   
-  The ActiveRecord Session Store extension requires Rails 4 and the now
+  The ActiveRecord Session Store extension requires Rails 4+ and the now
   separate activerecord-session_store gem:
     gem 'activerecord-session_store'
   activerecord-session_store must be *before* limited_sessions in your Gemfile
   in order for limited_sessions to auto-detect it.
 
-  For Rails 3, use limited_sessions v3.x.x:
-    gem 'limited_sessions', '~> 3.0'
+  The extension has been tested with the following combinations:
+  * Rails 4.2 + activerecord-session_store 0.1.2
+  * Rails 5.0 + activerecord-session_store 1.0.0
+  * Rails 5.1 + activerecord-session_store 1.1.0
 
 
 Upgrading from previous versions:
@@ -49,7 +53,7 @@ Features:
 
   
 Requirements:
-  * Rack and any Rack-compatible app (including Rails 4)
+  * Rack and any Rack-compatible app (including Rails 4 or 5)
   * Utilizing Rack's (or Rails') sessions support
   * For ActiveRecord session enhancements:
     * Must be using the standard ActiveRecord::SessionStore
@@ -218,12 +222,11 @@ Other questions:
 
 
 Other Notes:
-  This version has been tested on Rack 1.5 and Rails 4.0. It should be
+  This version has been tested on Rack 1.5-2.0 and Rails 4.2-5.1. It should be
   compatible with a broad spectrum of data and session stores. If you find a
   bug, I'd love to hear about it -- preferably via a new issue on GitHub (bonus
   points for a pull request). Likewise, give me a shout if you have a suggestion
   or just want to tell me that it works. Thanks for checking limited_sessions
   out!
   
-      --t (tm@iprog.com; http://iprog.com/)
-
+      --t (tm@iprog.com; https://iprog.com/)

data/lib/limited_sessions/expiry.rb

@@ -1,9 +1,9 @@
 # LimitedSessions
-# (c) 2007-2013 t.e.morgan
+# (c) 2007-2017 t.e.morgan
 # Made available under the MIT license
 
-# This version is compatible with Rack 1.4-1.5 (possibly earlier; untested).
-# Correspondingly, it is compatible with Rails 3.x-4.x.
+# This version is compatible with Rack 1.4-2.0 (possibly earlier; untested).
+# Correspondingly, it is compatible with Rails 3.x-5.x.
 
 module LimitedSessions
   # Rack middleware that should be installed *after* the session handling middleware

data/lib/limited_sessions/self_cleaning_session.rb

@@ -1,8 +1,8 @@
 # LimitedSessions
-# (c) 2007-2012 t.e.morgan
+# (c) 2007-2017 t.e.morgan
 # Made available under the MIT license
 
-# This is the Rails 4.x version.
+# This is the Rails 4-5.x version.
 
 module LimitedSessions
   class SelfCleaningSession < ActiveRecord::SessionStore::Session
@@ -35,13 +35,15 @@ module LimitedSessions
       private
       def consider_self_clean
         return if self_clean_sessions == 0
+        return if defined?(@@last_check) && @@last_check == Time.now.to_i
         if rand(self_clean_sessions) == 0
+          @@last_check = Time.now.to_i
           # logger.info "SelfCleaningSession :: scrubbing expired sessions"
           look_back_recent = recent_activity || 1.week
           if max_session
-            delete_all ['updated_at < ? OR created_at < ?', Time.current - look_back_recent, Time.current - max_session]
+            self.where('updated_at < ? OR created_at < ?', Time.current - look_back_recent, Time.current - max_session).delete_all
           elsif columns_hash['updated_at']
-            delete_all ['updated_at < ?', Time.current - look_back_recent]
+            self.where('updated_at < ?', Time.current - look_back_recent).delete_all
           else
             # logger.warning "WARNING: Unable to self-clean Sessions table; updated_at column is missing"
             self.self_clean_sessions = 0

data/lib/limited_sessions/version.rb

@@ -1,3 +1,3 @@
 module LimitedSessions
-  VERSION = '4.1.0'
+  VERSION = '4.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: limited_sessions
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.2.0
 platform: ruby
 authors:
 - t.e.morgan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-13 00:00:00.000000000 Z
+date: 2017-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -53,7 +53,7 @@ dependencies:
         version: '4.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -63,7 +63,7 @@ dependencies:
         version: '4.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '5.2'
 description: 'LimitedSessions provides two core features to handle cookie-based session
   expiry: 1) Rack Middleware for most session stores and 2) an ActiveRecord extension
   for AR-based session stores. Sessions can be expired on inactivity and/or overall
@@ -114,7 +114,7 @@ files:
 - test/dummy/script/rails
 - test/limited_sessions_test.rb
 - test/test_helper.rb
-homepage: http://iprog.com/projects#limited_sessions
+homepage: https://iprog.com/projects#limited_sessions
 licenses: []
 metadata: {}
 post_install_message: 
@@ -133,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: Server-side session expiry via either Rack Middleware or ActiveRecord extension