The personal blog of Steve Alex
Gadsden, Alabama
I've spent a good deal of time with the Rails Basic Authentication scaffold. I think I installed it on a new app in late January and have spent way too much time trying to figure it out. While I've used Rails since v 0.9, I'm just a hobbyist and not very good or fast.

I did write a post a few weeks back on the same subject, [Rails Basic Authorization (after Basic Authentication)](https://dev.to/salex/rails-basic-authorization-after-basic-authentication-4ool), that was my first attempt at using it. I think the scaffold came out late last year. There is quite a bit written about it. I'll just add a little more to that.

One thing missing was Session Expiry, mentioned in several posts. I added it! But it took me a while before I figured out I was just going in circles. I spent a lot of time trying to figure out how to terminate a session. I didn't realize that it was as simple as terminate_session. I thought the methods in authentication.rb were private! They're not!

I added 6 lines to authentication.rb. My demo app is a Blog type app that has a public view and a private view. Private being adding articles and a few other things. Public - just to read the articles. I had a problem that if I was in the public view, I would just sign in again. That would generate a new Session and would orphan the last one.

To get rid of that I added 6 lines to authentication.rb:

```ruby
def start_new_session_for(user)
  # kludge to stop dual logins using login
  has_session = Session.find_by(user_id: user.id) # should be 0 or 1
  if has_session
    # Reuse the existing Session row and re-issue the signed cookie for it
    Current.session = has_session
    cookies.signed.permanent[:session_id] = { value: Current.session.id, httponly: true, same_site: :lax }
  else
    # No Session row yet: create one, as the generated scaffold does
    user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session|
      Current.session = session
      cookies.signed.permanent[:session_id] = { value: session.id, httponly: true, same_site: :lax }
    end
  end
end
```

For the missing piece - session_expiry - I added 12 lines to the application_controller.rb.

```ruby
class ApplicationController < ActionController::Base
  include Authentication
  allow_browser versions: :modern
  before_action :session_expiry

  def session_expiry
    if session[:expires_at].present? && session[:expires_at] < Time.now
      # Deadline has passed: end the authentication session, clear the Rails session
      terminate_session
      reset_session
      redirect_to login_path, flash: {alert: "Your session has expired!"}
    else
      # Every request inside the window pushes the deadline out another 2 hours
      session[:expires_at] = Time.now + 2.hours
    end
  end
end
```

I have some versions of other/older apps where session_expiry is twice as long and convoluted! This is kinda simple. Just set a session attribute! That's it.

Just a short piece on missing pieces!
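The sliding two-hour expiry check described above, as an added plain-Ruby example that runs without Rails (it is not the author's code). It assumes the session store serializes values as JSON, so it keeps the deadline as integer epoch seconds and treats any other stored value as expired; `round_trip`, `check_expiry` and `simulate` are hypothetical names, and the start time is constructed.

```ruby
require "json"

IDLE_TIMEOUT = 2 * 60 * 60 # seconds; the same two-hour window as the post

# Constructed stand-in for a cookie session store that serializes to JSON
# (assumption): anything that is not a JSON type comes back as a String.
def round_trip(session)
  JSON.parse(JSON.generate(session))
end

# Mirrors the before_action: returns [:expired, {}] when the deadline has
# passed, otherwise [:active, session with the deadline pushed out again].
def check_expiry(session, now)
  deadline = session["expires_at"]
  fresh = deadline.nil?                                   # first request, nothing stored yet
  valid = deadline.is_a?(Integer) && deadline >= now.to_i # still inside the window
  # Fail closed: a deadline that is present but not an Integer counts as expired.
  # In the controller this is where terminate_session and reset_session would run.
  return [:expired, {}] unless fresh || valid

  [:active, session.merge("expires_at" => now.to_i + IDLE_TIMEOUT)]
end

# Replays requests at the given second offsets, passing the session through
# the serializer between requests as a browser round trip would.
def simulate(offsets, start = Time.at(1_742_475_600))
  session = {}
  offsets.map do |secs|
    status, session = check_expiry(round_trip(session), start + secs)
    status
  end
end

if __FILE__ == $PROGRAM_NAME
  p simulate([0, 3600, 10_800, 18_001])
  p round_trip("expires_at" => Time.at(0).utc)["expires_at"].class
end
```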
Rails 8 Basic Auth - Missing Pieces
March 20, 2025