how to timeout a session in rails 2.3.9

[skrite]

I am running a rails 2.3.9 app and I cannot seem to make the session expire.

I have tried the :expires_after => in the environment.rb and it works in webrick, but crashes on nginx with passenger.

Is there a way in the application controller or somewhere else that I can set a session variable to timeout after a certain amount of time ?

thanks for any tips

[Hassan Schroeder]

On Wed, Jun 3, 2015 at 7:20 AM, skrite <sh...@skrite.net> wrote:
> I am running a rails 2.3.9 app

Unsupported, known insecure version of Rails (and probably Ruby) --
have you considered upgrading? :-)

> I have tried the :expires_after => in the environment.rb and it works in
> webrick, but crashes on nginx with passenger.

That should be :expire_after according to the doc; which are you
actually using?

--
Hassan Schroeder ------------------------ hassan.s...@gmail.com
http://about.me/hassanschroeder
twitter: @hassan
Consulting Availability : Silicon Valley or remote

[skrite]

i cannot really upgrade. I would love too, but i have a bazillion lines of code for this version running.

you were right. terminology was wrong expire_after not expires..

tested and working now, thanks very much !

sk

[Rob Biedenharn]

At the VERY least, you should upgrade to Rails 2.3.18 as there were security fixes in every one of those 9 updates (some of them quite serious!).

Speaking as someone who also has a client with many lines of code running in a Rails 2.3.18 framework-based application, you can really upgrade (a little bit).

-Rob

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/915430a1-3b52-4a6e-abf6-0e8f4aa6e10c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Hassan Schroeder]

On Wed, Jun 3, 2015 at 9:17 AM, skrite <sh...@skrite.net> wrote:
> i cannot really upgrade. I would love too, but i have a bazillion lines of
> code for this version running.

At the very least consider upgrading to 2.3.18 (last in the line) for
the security fixes. You'll see deprecation warnings but your code
should work as is.

Also, assuming you're on Ruby 1.8.7, consider moving to the 1.4.x
branch of Rubinius, which is 1.8.7 compatible and still maintained.

> you were right. terminology was wrong expire_after not expires..
> tested and working now, thanks very much !

Great, good to hear.

[Colin Law]

On 3 June 2015 at 17:17, skrite <sh...@skrite.net> wrote:
> i cannot really upgrade. I would love too, but i have a bazillion lines of
> code for this version running.
> you were right. terminology was wrong expire_after not expires..

So expires_after worked correctly in webrick. Very strange.

Colin

[skrite]

Thanks to all on the upgrade to .18

will do this over the weekend.

thanks again to all

sk

On Wednesday, June 3, 2015 at 9:20:52 AM UTC-5, skrite wrote: