英文:
How to limit a RoR cookies/session to 1 hour after being created
问题
以下是翻译好的内容:
我有一个Ruby on Rails后端,目前正在使用cookies和会话来进行用户身份验证和登录。我相信会话的默认结束时间是用户关闭浏览器时,但我希望会话在创建后的1小时后结束。
以下是用于创建会话和验证用户的控制器:
sessions_controller.rb
class SessionsController < ApplicationController
skip_before_action :authorize, only: [:create]
include ::ActionController::Cookies
def create
user = User.find_by(email: params[:email])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
render json: user
else
render json: {errors: "检查电子邮件和密码"}, status: :unauthorized
end
end
def destroy
session.delete :user_id
head :no_content
end
end
users_controller.rb
class UsersController < ApplicationController
skip_before_action :authorize, only: [:create]
def show
render json: @current_user
end
end
application_controller.rb
class ApplicationController < ActionController::API
include ActionController::Cookies
before_action :authorize
private
def authorize
@current_user ||= User.find_by(id: session[:user_id])
render json: {errors: "未经授权"}, status: :unauthorized unless @current_user
end
end
请注意,我将代码部分保留为原文,没有进行翻译。
英文:
I have a Ruby on Rails backend, currently using cookies & sessions to authenticate and login users. I believe session's default end time is when the user closes their browser, but I want the session to end 1 hour after being created.
Below are the controllers used to create the session and authenticate users:
sessions_controller.rb
class SessionsController < ApplicationController
skip_before_action :authorize, only: [:create]
include ::ActionController::Cookies
def create
user = User.find_by(email: params[:email])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
render json: user
else
render json: {errors: "check email and password"}, status: :unauthorized
end
end
def destroy
session.delete :user_id
head :no_content
end
end
users_controller.rb
class UsersController < ApplicationController
skip_before_action :authorize, only: [:create]
def show
render json: @current_user
end
end
application_controller.rb
class ApplicationController < ActionController::API
include ActionController::Cookies
before_action :authorize
private
def authorize
@current_user ||= User.find_by(id: session[:user_id])
render json: {errors: "Not authorized"}, status: :unauthorized unless @current_user
end
end
答案1
得分: 1
你可以在初始化器中设置过期时间,如下所示:
Rails.application.config.session_store :cookie_store, key: '你的自定义会话键', expire_after: 1.hour.to_i
这将确保你的会话在1小时后过期。你可以尝试使用较短的时间框架,如1.minute,以进行验证。
英文:
You can set the expiry time in an intializer like so:
Rails.application.config.session_store :cookie_store, key: '_your_custom_session_key', expire_after: 1.hour.to_i
This will make sure your sessions expire after 1 hour. You can try with a smaller time frame like 1.minute to verify.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论