在使用devise的Rails中:如何确定用户是否已从其他浏览器注销?
[英]In Rails using devise: How can I find out if a user has logged out from a different browser?
问题描述
Currently, I can tell if a user has singed in and how long it has been online, but I cannot find out if a user has signed out from a different browser when. 
目前,我可以告诉用户是否已经唱歌,并且已经在线了多长时间,但是我无法确定用户何时从其他浏览器退出。 Here is the current code I have so far: 这是我到目前为止的当前代码:
- if current_user
= "(last login #{time_ago_in_words(user.current_sign_in_at)} ago) - #{user.current_sign_in_at ? 'currently online' : ''}"
- else
= "(last login #{time_ago_in_words(user.current_sign_in_at)} ago)"
2 个解决方案
解决方案1
0 2015-11-30 05:09:53
As far as I know, there is nothing specific for this in Devise. 据我所知,Devise中对此没有特定的规定。 You can track a particular user's session by storing a unique token specific to that user in the database. 您可以通过在数据库中存储特定于该用户的唯一令牌来跟踪特定用户的会话。
Create a migration to add the field for storing the token. 创建迁移以添加用于存储令牌的字段。
Check the token for every logout and you can save the timestamp. 检查每次注销的令牌,您可以保存时间戳。
I think this way, you know when user has logged out from which browser. 我认为,您知道用户何时从哪个浏览器注销。
Hope it helps! 希望能帮助到你!
解决方案2
0 2015-11-30 07:21:37
You can try 你可以试试
Store a timestamp in your session so that you can timeout a session after a certain period of inactivity. 将时间戳记存储在会话中,以便在一段时间不活动后可以使会话超时。 If you use Devise, you can achieve this easily with the timeoutable module . 如果使用Devise,则可以使用timeoutable模块轻松实现此目的 。 This presents a slight conundrum: if you set the timeout too low, then it'll be pretty annoying for your users. 这带来了一个小难题:如果您将超时设置得太低,那么对于您的用户来说将非常烦人。 But the longer the timeout, the less useful it is for security (if the attacker gets in before hitting the timeout, they can just keep refreshing to keep their session active). 但是超时时间越长,对安全性的用处就越小(如果攻击者在超时之前进入,他们可以保持刷新以保持会话活动状态)。
Track active session ids on the server side (whilst still storing the actual session data in cookies). 在服务器端跟踪活动的会话ID(同时仍将实际的会话数据存储在Cookie中)。 This means you can invalidate sessions whenever you want. 这意味着您可以随时使会话无效。
add a SessionActivation model to track which sessions are active. 添加SessionActivation模型以跟踪哪些会话处于活动状态。 Here's the migration: 这是迁移:
class AddUserActiveSessions < ActiveRecord::Migration
def change
create_table :session_activations do |t|
t.integer :user_id, null: false
t.string :session_id, null: false
t.timestamps
end
add_index :session_activations, :user_id
add_index :session_activations, :session_id, unique: true
end
end
Here's the class: 这是课程:
class SessionActivation < ActiveRecord::Base
LIMIT = 20
def self.active?(id)
id && where(session_id: id).exists?
end
def self.activate(id)
activation = create!(session_id: id)
purge_old
activation
end
def self.deactivate(id)
return unless id
where(session_id: id).delete_all
end
# For some reason using #delete_all causes the order/offset to be ignored
def self.purge_old
order("created_at desc").offset(LIMIT).destroy_all
end
def self.exclusive(id)
where("session_id != ?", id).delete_all
end
end
Make some changes to the User model: 对用户模型进行一些更改:
class User < ActiveRecord::Base
# ...
has_many :session_activations, dependent: :destroy
def activate_session
session_activations.activate(SecureRandom.hex).session_id
end
def exclusive_session(id)
session_activations.exclusive(id)
end
def session_active?(id)
session_activations.active? id
end
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.