问题
In working through Michael Hartl's railstutorial.org, I'm in Chapter 8 (specifically 8.2.3). The current problem is implementing a session to keep the user logged in across multiple views, but the functionality implemented in this section is supposed to be a temporary session that expires (logs the user out) when the browser window is closed. Here is the statement from the textbook indicating such:
If you quit your browser completely, you should also be able to verify that the application forgets your login status, requiring you to log in again to see the changes described above.
I've tested this functionality on both Google Chrome and Firefox -- I log in successfully, navigate to multiple pages (to make sure my session persists beyond the log_in redirect) and then close the browser -- but when I reload the web app, I'm still logged in. I've copied all the code exactly as its written in the text, but to no avail. For reference, here's my sessions_helper.rb file:
module SessionsHelper
# Logs in the given user.
def log_in(user)
session[:user_id] = user.id
end
# Returns the current logged-in user (if any).
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
# Returns true if the user is logged in, false otherwise.
def logged_in?
!current_user.nil?
end
end
And here is my sessions_controller.rb file (the destroy action has not been implemented yet, since I haven't gotten to the point in the text of giving the Logout button any functionality):
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
# Log the user in and redirect to the user's show page.
log_in user
redirect_to user
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
end
end
Note: In your answer(s), please do not suggest adding alternate code or changing existing code (unless you see a mistake with the code I've posted). The textbook assumes this is working code and doesn't need any alteration for it to properly function.
回答1:
Please, check your config/initializers/session_store.rb file. There should be something like
Rails.application.config.session_store :cookie_store, key: '_app_session'
You have to add expire_after key with nil value to the options:
Rails.application.config.session_store :cookie_store, key: '_app_session', expire_after: nil
After applying this change, the session will expire when user closes the browser. You can read more about cookies expiration here
回答2:
I know I'm chiming in a good seven months late, but I had this same question, and after a little extra googling, discovered it was answered two years ago here.
The problem is a browser setting, one I imagine most everyone uses these days: "When Firefox starts, show my windows and tabs from last time" or "On startup, continue where you left off." This issue is now mentioned as a footnote in the tutorial (Chapter 8, Note 1), but the best the author has to say about it is
...of course Rails has no control over this behavior.
来源:https://stackoverflow.com/questions/32621473/session-not-destroyed-when-closing-browser-railstutorial-org