class Warden::SessionSerializer
Each time the user record is fetched from a session, the record is consulted (via #session_expired?
) to determine if the last_request_at
time in the session is valid, or if the session should be considered as having timed out. If the session is deemed to have timed out, the record is disregarded.
Unlike the Devise
timeoutable
module, devise_session_expirable does not support invalidation of authentication tokens from the devise token_authenticatable
module when a request with a valid authentication token is accompanied by an expired session.
Public Instance Methods
fetch(scope)
click to toggle source
# File lib/devise_session_expirable/warden_extensions.rb, line 15 def fetch(scope) key = session[key_for(scope)] return nil unless key method_name = "#{scope}_deserialize" user = respond_to?(method_name) ? send(method_name, key) : deserialize(key) user = nil unless valid_for_deserialization?(scope, user) delete(scope) unless user user end
Private Instance Methods
session_for_scope(scope)
click to toggle source
# File lib/devise_session_expirable/warden_extensions.rb, line 41 def session_for_scope(scope) session["warden.user.#{scope}.session"] ||= {} end
valid_for_deserialization?(scope, user)
click to toggle source
# File lib/devise_session_expirable/warden_extensions.rb, line 28 def valid_for_deserialization?(scope, user) ! validate_session_expiration(scope, user) end
validate_session_expiration(scope, user)
click to toggle source
# File lib/devise_session_expirable/warden_extensions.rb, line 32 def validate_session_expiration(scope, user) is_expired = false if user && user.respond_to?(:session_expired?) last_request_at = session_for_scope(scope)['last_request_at'] is_expired = user.session_expired?(last_request_at) end env['devise.timeout'] = is_expired end