问题
I'm having a problem using an authlogic single access token to access a page when logout on timeout is set to true and a timeout is set.
user.rb:
acts_as_authentic do |c|
c.logged_in_timeout = 15.minutes
end
user_session.rb:
logout_on_timeout true
controller:
def single_access_allowed?
["download_xml"].include?(action_name)
end
If I try to access a page/method using the token it redirects straight away to my login page. The logout on timeout works when its turned on.
If i remove the timeout code and just have acts_as_authentic in the user.rb, the single access token works.
I want to be able to use the single access token so another application can open an xml file from my ruby on rails website.
Any ideas on what I might have done wrong and where to look to fix it and make it work?
Using authlogic 3.0.3 and rails 3.0.7.
回答1:
This reply from jgdreyes last Sept 27 at https://github.com/binarylogic/authlogic/issues/64 worked for me:
I went ahead and extended Authlogic's stale? method so that it does not see requests as stale? if accessing via single_access?. This keeps logic for logout_on_timeout intact.
class UserSession < Authlogic::Session::Base logout_on_timeout true
def stale?
return false if single_access?
super
end
end
来源:https://stackoverflow.com/questions/6703351/rails-3-authlogic-problem-with-single-access-token-and-logout-on-timeout