Using env["devise.skip_trackable"] to prevent updating user.last_activity isn't working

[Kevin North]

Similarly to this thread:

https://groups.google.com/forum/#!searchin/plataformatec-devise/devise.skip_trackable/plataformatec-devise/7hshdUjUTsY/4_mGvhZi3FkJ

I'm building a component to automatically log users out after they've timed out on a website. Following the advice in that thread, I added before_filter env["devise.skip_trackable"] to the controller with the actions I'm using for the component. Even so, when the controller's actions are accessed, user.last_activity is updated. What am I doing wrong?

I'm using Ruby 2.0.0-p247, Rails 4.0.0, and Devise 3.0.0.rc.

This is my controller code:

class SessionTimeoutController < ApplicationController

  before_filter :authenticate_user!

  before_filter :skip_timeout, only: [:check_time_until_logout, :has_user_timed_out]

  def skip_timeout

    puts "devise.skip_trackable"

    env["devise.skip_trackable"] = true

  end

  def check_time_until_logout

    @time_left = current_user.timeout_in

    respond_to do |format|

      format.json { render json: @time_left, status: :created}

    end

  end

  def has_user_timed_out

    @has_timed_out = (!user_signed_in?) and (current_user.timedout? (Time.now))

    respond_to do |format|

      format.json { render json: @has_timed_out, status: :created}

    end

  end

  def reset_user_clock

    # Receiving an arbitrary request from a client automatically

    # resets the Devise Timeoutable timer.

    head :ok

  end

end

One thing that I noticed that's strange is that it looks like my skip_timeout filter is executed *after* user.last_activity is updated. Notice that I inserted a puts statement into skip_timeout. This is the output I get in my Rails console when I access check_time_until_logout:

Started GET "/session_timeout/check_time_until_logout" for 10.0.2.2 at 2013-07-2

4 22:23:05 +0000

Processing by SessionTimeoutController#check_time_until_logout as JSON

  ConfigVar Load (0.1ms)  SELECT `config_vars`.* FROM `config_vars` WHERE `config_vars`.`name` = 'maintenance_mode' ORDER BY `config_vars`.`id` ASC LIMIT 1

  User Load (0.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 14 ORDER BY `users`.`id` ASC LIMIT 1

   (0.1ms)  BEGIN

  SQL (0.2ms)  UPDATE `users` SET `last_activity_at` = '2013-07-24 22:23:05', `updated_at` = '2013-07-24 22:23:05' WHERE `users`.`type` IN ('CitizensRep') AND `users`.`id` = 14

   (0.6ms)  COMMIT

devise.skip_trackable

Completed 201 Created in 7ms (Views: 0.2ms | ActiveRecord: 1.2ms)

Is there something I need to do to make sure that skip_timeout is called sooner?

[Kevin North]

I figured out what I needed to do. I discuss it on this StackOverflow thread: http://stackoverflow.com/questions/17791626/devise-make-a-request-without-resetting-the-countdown-until-a-user-is-logged-o