Hi, welcome to Word of Mike, my little corner of the internet. I am a Software/Web Developer working in North Yorkshire. I mainly write about programming but my other passion is politics so beware. (click to hide)
12-11-2015 16:45
Testing Session Expiry in Rails
We had a recent issue with a Rails app whereby the sessions weren't expiring as we expected.
To set an expiry on session cookies you use the 'expire_after' option in your session store configuration (typically config/initializers/session_store.rb) like this:
MyApp::Application.config.session_store(:cookie_store, { key: '_my_app_session', expire_after: 4.hours })
It turned out I'd made a silly error and used "expires_after" instead of the correct "expire_after", so it was being silently ignored and sessions weren't expiring.
I wanted to write a test to ensure that sessions were expiring after the correct period of time and that problems like this didn't silently occur in the future. I took inspiration from the Rails framework test for expire_after to come up with this:
require 'minitest/mock' class SessionTest < ActionDispatch::IntegrationTest test "session expiration works" do user = users(:user_one) get "/login" assert_response :success # stub Time.now to a fixed time so we know what to check for time = Time.now Time.stub :now, time do post_via_redirect "/login", { email: user.email, password: "Password123" } assert_equal '/dash', path, "Login failed." # get the expected expiry time string expected_expiry = (time + 4.hours).gmtime.strftime("%a, %d %b %Y %H:%M:%S -0000") # check the cookie matches this regexp expression containing the # expiry time assert_match /_my_app_session=[^;]+; path=\/; expires=#{Regexp.quote(expected_expiry)}; HttpOnly/, headers['Set-Cookie'], "Cookie not with correct expiry time" end # go forward 3 hours (less than our expiry) and check our session # is still valid second_request_time = time + 3.hours Time.stub :now, second_request_time do get '/dash' assert_equal '/dash', path end # go forward 5 hours from our last request (more than expiry time) # and check that it's redirecting us to the login page, thus # meaning our session has expired. third_request_time = second_request_time + 5.hours Time.stub :now, third_request_time do get '/dash' assert_redirected_to login_path end end end
- 27-02-2015 17:46
Rake Tasks to Version Your Rails App
- 13-01-2015 00:57
Nested Key Representation from Ruby Hash
- 14-12-2014 18:51
Parallel Query in Rails (Querying Multiple Databases)
- 08-12-2014 21:49
A Brief Analysis of Betfair Exchange Place Prices
- 14-09-2014 19:11
Building a Horse Racing Predictor Part 1
- 06-08-2014 13:25
Easy Active Record Search Pattern
- 07-05-2014 11:30
Unusual Error with ActiveSupport::TestCase
- 01-04-2014 09:18
Highlighting Active Tabs in Rails
- 14-11-2013 11:38
Responsive Data Grids with JavaScript
- 12-09-2013 20:01
Ruby Multi Dimensional Array Thing
- 02-09-2013 10:20
Parsing Time Duration Strings to Milliseconds in Ruby
- 22-08-2013 14:56
Preventing Duplicate ActiveRecord Joins
- 19-07-2013 17:52
Modifying Rails Validations at Run Time
- 07-06-2013 13:22
Lightweight, Flexible Sinatra API
- 04-06-2013 21:15
Rendering Ordered Backbone.js Collections
- 30-04-2013 11:03
Removing/ Rewriting All Indexes in Rails Migration
- 10-03-2013 18:01
About Time, Too
- 08-03-2013 21:27
Just Another Ruby Idiom
- 23-01-2013 11:24
Only Generate Stubbed-out Controller with Scaffold
- 02-01-2013 13:13
Nginx, Rails, Passenger: 502 Bad Gateway
- 21-10-2012 15:12
Setting Up A Ubuntu Server with Nginx & Passenger for Ruby on Rails
- 18-08-2012 16:08
Maintaining Text Legibility Dynamically with JavaScript
- 12-07-2012 17:10
Bit of Fun with Log Parser
- 23-03-2012 20:14
Retweet This, or Perhaps Think for Yourself?