Is your plugin hosted on GitHub? Make sure to press the "fetch" button next to the repository field to fetch your plugin's info from GitHub rather than typing it all in.
Repository
Name
Home Page
Short description A plugin to modify Ruby on Rails' standard database-backed sessions behavior to be more intelligent, including server-side session expiry and deleting expired sessions.
Description A plugin to modify Ruby on Rails' standard database-backed sessions behavior to be more intelligent. ### Features * Configurable session expiry time (eg: 2 hours from last page access) * Optional hard limit regardless of last page access (eg: 24 hours) * Optional ability to tie session to an IP or /24 subnet * Optional auto-cleaning of expired sessions ### Requirements * A functional Rails app that uses the standard ActiveRecordStore session store (config.action\_controller.session\_store = :active\_record_store) * Ensure your sessions table has an \`updated_at\` column * If using hard session limits, a \`created_at\` column ### Limitations * IP restrictions are not IPv6 enabled for subnets (although it should work for a full match) * IP restrictions may or may not be sufficient or even work if a proxy is involved on the client side ### Installation Simply add this plugin into your rails app and configure if required. To add to your rails app: ./script/plugin install -x http://svn.iprog.com/projects/rails/plugins/limited_sessions (drop the -x if you don't use subversion in your project or don't want to manage plugins via svn:externals) ### Configuration There are several options that can be configured. They should be placed at the end of config/environment.rb (or the individual environment.rb files if that's preferred). CGI::Session::ActiveRecordStore::Session.recent_activity_limit = 2.hours This will expire sessions after the given period of time. This is managed on the server side and if the user closes their browser, the session will be gone. Default is 2 hours. CGI::Session::ActiveRecordStore::Session.hard_session_limit = 24.hours Sessions can also be forcefully expired without regard to the last activity. So if this is set to 24 hours and the above is two hours, the session will be terminated if a) the user has been inactive for more than two hours OR b) it has been more than 24 hours since the session began. Default is disabled (nil). Requires a \`created_at\` column in the session table. CGI::Session::ActiveRecordStore::Session.auto_clean_sessions = 1000 Does a random test to see if the app should delete all expired sessions now. The odds are 1 in whatever value is provided here. 0 will disable this option. Default is 1000. A busy site may want 10000 or higher. ActionController::CgiRequest.ip_restriction = :subnet If set to :subnet, will compare the first three quads of the IPv4 address for a match. If set to :exact, will compare the full IP address (which should also work for IPv6). If no match, the session will be reset. Default is :none. Stores the IP match data in the session store as session[:ip].
Description format RDoc MarkDown Textile
License Ruby's Rails' (MIT) GPL LGPL BSD Apache Artistic PublicDomain BSD-type Free-Trial Free-but-Restricted OpenSource Proprietary Shareware Source-available-proprietary Commercial
Category Assets Controllers Internationalization Misc. Enhancements Model Rails Engines Searching and Queries Security Statistics and Logs Testing View Extensions
