我在我的一些网站的控制器上使用rails HTTP摘要认证。对于我的目的,它工作得很好,但它超时得很快。
如何调整HTTP摘要认证超时参数?如何实现HTTP基本认证的注销?
谢谢,
如果用户离开网站,或关闭浏览器等,而您希望他们保持登录状态:
在你的SessionsController:
def create
member = Member.find_by_user_name(params[:user_name])
if member && member.authenticate(params[:password])
session[:member_id] = member.id
if params["remember_me"] == "1"
cookies[:digest] = {:value => member.password_digest, :expires => Time.now + 720000}
else
cookies[:digest] = nil
end
redirect_to (url_to_go_to_after_login), :notice => "Logged in!"
else
redirect_to (login_url), :alert => "Invalid email or password"
end
end
如何注销用户:
def destroy
session[:member_id] = nil
cookies[:digest] = nil
redirect_to url_to_go_to_after_logout, :notice => "Logged out!"
end
如何从memorme cookie登录用户:
def new
if member = Member.find_by_password_digest(cookies[:digest])
session[:member_id] = member.id
redirect_to (url_to_go_to_after_login), :notice => "Hello#{member.first_name}"
end
end
设置过期时间(应该在rails> 2.3 https://github.com/rails/rails/blob/2-3-stable/actionpack/lib/action_controller/session/abstract_store.rb#L175中工作):
Your::Application.config.session_store :active_record_store, {
key: "your_session_id",
domain: ".your-domain.com",
expire_after: 48.hours,
}