search

jeremyevans / rodauth

Ruby's Most Advanced Authentication Framework
http://rodauth.jeremyevans.net
MIT License
1.69k stars 95 forks source link

Allow setting additional values to the active session record #159

Closed janko closed 3 years ago

janko commented 3 years ago

This allows overriding the active session insert hash to add additional values, which makes it easier to assign things such as IP address, device type, or country/city to active sessions, for giving the user a better overview of their active sessions.

active_session_insert_hash do
  super.merge(
    ip: request.ip,
    user_agent: request.user_agent,
    ...
  )
end
jeremyevans commented 3 years ago

Thanks for the patch! This looks good to me. I'll test and merge on Monday.

janko commented 3 years ago

As discussed on the google group, I've also added an active_sessions_update_hash method for updating the currently active session with current data. This is useful for keeping the extra session data up-to-date on each request, e.g. updating the IP address when it has changed.

I wanted it to also be possible to do these updates if session inactivity deadlines are disabled. As I see it, even without the new configuration methods for adding extra data, it might still be useful to keep the last_use column up-to-date. So I added a update_current_session? configuration method which defaults to true when session_inactivity_deadline is set.

Because I sensed that we might want to keep the active_sessions_* naming convention, I've renamed the original active_session_key_insert_hash and active_session_key_value methods to active_sessions_insert_hash and active_sessions_key.

janko commented 3 years ago

@jeremyevans Thanks a lot for such a quick review and merge 🙏🏻