如何将 RoR cookies/session 限制在创建后的1小时内

huangapple go评论60阅读模式
英文:

How to limit a RoR cookies/session to 1 hour after being created

问题

以下是翻译好的内容:

我有一个Ruby on Rails后端,目前正在使用cookies和会话来进行用户身份验证和登录。我相信会话的默认结束时间是用户关闭浏览器时,但我希望会话在创建后的1小时后结束。

以下是用于创建会话和验证用户的控制器:

sessions_controller.rb

class SessionsController < ApplicationController
    skip_before_action :authorize, only: [:create]
    include ::ActionController::Cookies
    
    def create
        user = User.find_by(email: params[:email])
        if user && user.authenticate(params[:password])
            session[:user_id] = user.id
            render json: user
        else
            render json: {errors: "检查电子邮件和密码"}, status: :unauthorized
        end
    end

    def destroy
        session.delete :user_id
        head :no_content
    end
end

users_controller.rb

class UsersController < ApplicationController

    skip_before_action :authorize, only: [:create]
    
    def show
        render json: @current_user
    end
end

application_controller.rb

class ApplicationController < ActionController::API
    include ActionController::Cookies

    before_action :authorize

    private

    def authorize
        @current_user ||= User.find_by(id: session[:user_id])
        render json: {errors: "未经授权"}, status: :unauthorized unless @current_user
    end
end

请注意,我将代码部分保留为原文,没有进行翻译。

英文:

I have a Ruby on Rails backend, currently using cookies & sessions to authenticate and login users. I believe session's default end time is when the user closes their browser, but I want the session to end 1 hour after being created.

Below are the controllers used to create the session and authenticate users:

sessions_controller.rb

class SessionsController < ApplicationController
    skip_before_action :authorize, only: [:create]
    include ::ActionController::Cookies
    
    def create
        user = User.find_by(email: params[:email])
        if user && user.authenticate(params[:password])
            session[:user_id] = user.id
            render json: user
        else
            render json: {errors: "check email and password"}, status: :unauthorized
        end
    end

    def destroy
        session.delete :user_id
        head :no_content
    end
end

users_controller.rb

class UsersController < ApplicationController

    skip_before_action :authorize, only: [:create]
    
    def show
        render json: @current_user
    end
end

application_controller.rb

class ApplicationController < ActionController::API
    include ActionController::Cookies

    before_action :authorize

    private

    def authorize
        @current_user ||= User.find_by(id: session[:user_id])
        render json: {errors: "Not authorized"}, status: :unauthorized unless @current_user
    end
end

答案1

得分: 1

你可以在初始化器中设置过期时间,如下所示:

Rails.application.config.session_store :cookie_store, key: '你的自定义会话键', expire_after: 1.hour.to_i

这将确保你的会话在1小时后过期。你可以尝试使用较短的时间框架,如1.minute,以进行验证。

英文:

You can set the expiry time in an intializer like so:

Rails.application.config.session_store :cookie_store, key: '_your_custom_session_key', expire_after: 1.hour.to_i

This will make sure your sessions expire after 1 hour. You can try with a smaller time frame like 1.minute to verify.

huangapple
  • 本文由 发表于 2023年2月14日 22:41:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/75449413.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定