Always set session[:updated_at] to avoid logging out users when the administrator turns on session expiration.

pull/244/head
Christian Rijke 11 years ago committed by Michael Frister
parent 3956f024d0
commit 1ba73c4ef9
  1. 21
      app/controllers/application_controller.rb

@ -616,21 +616,18 @@ class ApplicationController < ActionController::Base
ActiveSupport.run_load_hooks(:application_controller, self)
def check_session_lifetime
if Setting.session_ttl_enabled? && Setting.session_ttl.to_i >= 5
if session[:updated_at].nil? || session_expired?
self.logged_user = nil
if request.get?
url = url_for(params)
else
url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
end
flash[:warning] = I18n.t('notice_forced_logout', :ttl_time => Setting.session_ttl)
redirect_to(:controller => "account", :action => "login", :back_url => url)
if Setting.session_ttl_enabled? && Setting.session_ttl.to_i >= 5 && (session[:updated_at].nil? || session_expired?)
self.logged_user = nil
if request.get?
url = url_for(params)
else
session[:updated_at] = Time.now
url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
end
flash[:warning] = I18n.t('notice_forced_logout', :ttl_time => Setting.session_ttl)
redirect_to(:controller => "account", :action => "login", :back_url => url)
end
session[:updated_at] = Time.now
end
private

Loading…
Cancel
Save