0

我在我的一些网站控制器上使用 Rails HTTP 摘要身份验证。它对我的目的工作正常,但它超时非常快。

如何调整 HTTP 摘要认证的超时参数?如何为 HTTP 基本身份验证实现注销?

谢谢,

4

1 回答 1

1

If a user leaves the site, or closes their browser, etc, and you would like them to stay logged in:

In your SessionsController:

def create
    member = Member.find_by_user_name(params[:user_name])
    if member && member.authenticate(params[:password])
      session[:member_id] = member.id
      if params["remember_me"] == "1"
        cookies[:digest] = {:value => member.password_digest, :expires => Time.now + 720000}
      else
        cookies[:digest] = nil
      end
      redirect_to (url_to_go_to_after_login), :notice => "Logged in!"
    else
      redirect_to (login_url), :alert => "Invalid email or password"
    end
  end

How to log out a user:

  def destroy
    session[:member_id] = nil
    cookies[:digest] = nil
    redirect_to url_to_go_to_after_logout, :notice => "Logged out!"
  end

How to log in a user from the rememberme cookie:

  def new
    if member = Member.find_by_password_digest(cookies[:digest])
      session[:member_id] = member.id
      redirect_to (url_to_go_to_after_login), :notice => "Hello#{member.first_name}"
    end
  end

To set the expire time for later (should work in rails > 2.3 https://github.com/rails/rails/blob/2-3-stable/actionpack/lib/action_controller/session/abstract_store.rb#L175 ):

Your::Application.config.session_store :active_record_store, {
  key: "your_session_id",
  domain: ".your-domain.com",
  expire_after: 48.hours,
}
于 2013-06-20T16:13:47.290 回答