it’s time to announce my second plugin for ruby on rails, limited_sessions.
it’s been publicly available for several days, so i guess it’s time that i actually talk about it.
this came out of a need to manage sessions more intelligently than rails does by default. all of these is built as an extension to ActiveRecordStore, so sessions must be stored in the db. features:
configurable, server-enforced session expiry time (eg: 2 hours from last access)
optional hard limit on session from login time, regardless of access (eg: 8 hours from login)
ability to tie session to user’s IP or /24 subnet
auto-cleaning of expired sessions from db without an external script or other helper
in ruby’s CGI::Session module, sessions are stored as a block of seeming junk, like this: “BMZWRlcm1hbiBCb25kaW5nIENvb”. it’s actually an encoded format which is all well and fine until you need to read something out of it for debugging purposes.
if you are using rails’ ActiveRecordStore, the contents of a session can be read fairly simply. since this relies on an AR model called Session, which your app most likely doesn’t have, we’ll create that too.
so, fire up 1script/console and input the following: