activerecord-session_store icon indicating copy to clipboard operation
activerecord-session_store copied to clipboard
verified publisher icon rails

updated_at only changes after post or delete

Open iamdriz opened this issue 8 years ago • 1 comments

I've noticed that the sessions' updated_at column only changes when doing a POST or DELETE. If you just navigate around your app (so just doing GET requests) the session updated_at doesn't change to the current time. This means you can't see when the user last made a request, and so you can't delete sessions from the database that are older than the expiration time set in session_store.

My solution to this was to add a method to my ApplicationController:

def update_session
  current_session = Session.where(session_id: request.session_options[:id]).first
  current_session.update(:updated_at => Time.now) if current_session.present?
end

That I call in the before_action so that it updates the session whenever a user makes any request!

iamdriz avatar Jan 18 '17 17:01 iamdriz

I think it is because POST and DELETE requests change the session to log the CSRF token. If your GET request changes the session does it also update it in the database?

rafaelfranca avatar May 11 '17 22:05 rafaelfranca