Authlogic and Multiple Sessions for the Same User

Ok so the perishable token was absolutely not the right path ;)

We "just" need to reset the persistence token every time a user logs in or logs out.
With this in my UserSession model, every user gets logged off from any other session when logging in.

class UserSession < Authlogic::Session::Base
  before_destroy :reset_persistence_token
  before_create :reset_persistence_token

  def reset_persistence_token
    record.reset_persistence_token
  end
end
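
Why rotating the token ends the other sessions, as an added example that is not part of the original answer and not Authlogic's code. It assumes a simplified model in which each session cookie carries a copy of the user's persistence token; `ModelUser`, `ModelSession` and the sample user are hypothetical.

```ruby
require 'securerandom'

# Simplified model (assumption, not Authlogic's code): each session cookie keeps
# a copy of the user's persistence token and is honoured only while that copy
# matches the value currently stored on the user record.
class ModelUser
  attr_reader :login, :persistence_token

  def initialize(login)
    @login = login
    reset_persistence_token
  end

  def reset_persistence_token
    @persistence_token = SecureRandom.hex(32)
  end
end

module ModelSession
  # Same order as the before_create hook: rotate, then issue the cookie.
  def self.log_in(user)
    user.reset_persistence_token
    { login: user.login, token: user.persistence_token }
  end

  # Same as the before_destroy hook: rotating on logout orphans every copy.
  def self.log_out(user)
    user.reset_persistence_token
  end

  def self.valid?(cookie, user)
    cookie[:login] == user.login && cookie[:token] == user.persistence_token
  end
end

# Constructed scenario: one user, two devices.
def single_session_demo
  user   = ModelUser.new('alice')
  laptop = ModelSession.log_in(user)
  before = ModelSession.valid?(laptop, user)
  phone  = ModelSession.log_in(user) # second login rotates the token
  after  = [ModelSession.valid?(laptop, user), ModelSession.valid?(phone, user)]
  ModelSession.log_out(user)         # logout rotates again
  { laptop_before: before, laptop_after: after[0], phone_after: after[1],
    phone_after_logout: ModelSession.valid?(phone, user) }
end
```

The same rotation is what makes logout effective against a copied cookie: once the stored token changes, a stolen copy no longer matches anything.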

Multiple applications using Authlogic, authenticating users in one database?

It seems that there still hasn't been a solution posted to the original question.

I had a similar problem. I had multiple rails applications and I needed to be able to track users between activity on all of them. So, I wanted to have a single application for managing users and tracking and all the other applications would connect to this user database to authenticate.

I was already using Authlogic for some other projects, so I was hoping that it would be as simple as changing some configuration settings.

Here's my solution:

I created the main user tracking application. There was nothing special about the application. It allowed users to register, log in, log out, etc. Once users were logged in they could then navigate to the other apps.

In the environments.rb file of my user application and every application needing to authenticate with the base application, you need to set up the session key and domain to be the SAME.

config.action_controller.session = {
  :session_key => '_my_app_session',
  :secret      => '_long_secret_session_key_here',
  :domain      => ".basedomain.com"
}

Each of my applications is under its own subdomain, such as app1.basedomain.com and app2.basedomain.com.
I'm not sure if this would work otherwise without some more changes.

In each application, create the UserSession

class UserSession < Authlogic::Session::Base   
end

and User models.

class User < ActiveRecord::Base
  establish_connection "users_database"
  acts_as_authentic
end

What is different in this User model is that it now has the establish_connection method. The "users_database" is in the database.yml file and points to the database for the central user management application.

I didn't go as far as having log in and log out throughout my sub-applications, but if you did you would have to create the UserSessionsController as well.

In each application that uses authentication, I included some helper methods in the ApplicationController, for example,

def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.record
end

def require_user
  unless current_user
    store_location
    redirect_to 'http://main_user_login_page'
    return false
  end
end

Then I can use 'require_user' in my controllers where I want authentication just like I can in my main user application.

Hope this helps.

Chase M Gray
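
Why the session secret has to be identical in every application, as an added example that is not part of the original answer and not Rails' own cookie store. It assumes a simplified signed cookie of the form "payload--HMAC" with a JSON payload; `SignedCookieJar`, the secrets and the session data are constructed for the demonstration.

```ruby
require 'openssl'
require 'json'

# Simplified model of a signed cookie session (assumptions: "payload--HMAC"
# layout, JSON payload, SHA-256); not the framework's own implementation.
class SignedCookieJar
  def initialize(secret)
    @secret = secret
  end

  def write(session_hash)
    data = [JSON.generate(session_hash)].pack('m0') # base64, no newlines
    "#{data}--#{mac(data)}"
  end

  # Returns the session hash, or nil when the signature does not verify.
  def read(cookie)
    data, sig = cookie.to_s.split('--', 2)
    return nil if data.nil? || sig.nil? || !same?(sig, mac(data))
    JSON.parse(data.unpack1('m0'))
  end

  private

  def mac(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @secret, data)
  end

  # Constant-time comparison so the check does not leak matching prefixes.
  def same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

SHARED_SECRET = 'constructed-demo-secret-not-for-real-use'

def cross_app_demo
  login_app = SignedCookieJar.new(SHARED_SECRET)
  app1      = SignedCookieJar.new(SHARED_SECRET)       # configured like the login app
  app2      = SignedCookieJar.new('some-other-secret') # misconfigured app
  cookie    = login_app.write('user_id' => 42)         # constructed session data
  tampered  = cookie.sub('--', 'A--')                  # payload altered in transit
  { app1: app1.read(cookie), app2: app2.read(cookie), tampered: app1.read(tampered) }
end
```

Because every application holds the same secret, a leak from any one of them lets cookies be forged for all of them, so keep it out of the repository and rotate it in every application together.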

Creating more than one value for logged-in-timeout in Authlogic

Here is the solution I found. I did extend the definition of logged_in_timeout from authlogic to use this new logic. I did so in the User model:

class User < ActiveRecord::Base
  acts_as_authentic do |config|
    config.login_field = :email
    config.logged_in_timeout = 5.days
  end

  <...>

  def logged_in_timeout
    if self.role == 'admin'
      60.minutes
    else
      self.class.logged_in_timeout
    end
  end
end

Ruby on Rails: how can I store additional data in the session for authlogic

Why would you not just store the value in the session?

session[:extra] = @extra_id.id

The Authlogic current_user is simply a value in the current session, managed by the Rails stack itself.

AuthLogic seems to update the user record multiple times for one request

I dug around and found a solution:

UserSession.last_request_at_threshold = 10.minutes

As I understand, the place to set this is in UserSession. (This can be set in an initializer as well, like authlogic.rb.)

The reason there are multiple updates is that it updates last_request_at EVERY time you do some kind of check against current_user. For instance when you use sign in status for some kind of work flow - i.e. to display menu items or parts of the page only for the users that are logged in.

Once you set last_request_at to a larger threshold, you get rid of these updates. For me that gets rid of about 10 update statements, each taking about 0.5 ms. That is not a big hit, but considering that I have 100 users (internal app) using this app all the time, and I don't need to track their last requests (they are either in the building or not), I can limit it or even stop tracking it altogether. Over the course of the day that's tens of thousands of extra updates to the db I don't need to make, and it makes reading logs easier.

UPDATE

Even if you set it to just 1 second, that will still help, because now it will only update once for every request, even if you check against current_user multiple times in the same request (assuming your app doesn't have requests that take longer than a second; if you do, that may be a sign of another problem). I doubt there are any humans that can do multiple different requests in the same second.

Hope this helps

P.S.: Here is the q that started me on the right path: AuthLogic perishable_token resets on every request


