
My Sinatra application uses Rack::Session::Pool and it works fine.

I created a logout route using session.clear and it works fine as well.

But (there is always one) if the user closes the browser without clicking the logout button, the user stays logged in when he reopens the browser.

I checked the cookies in Firefox and the session cookie (rack.session) is still there! I went to my site, went to another site, verified the cookies and it was there, closed the browser and opened it again and the rack.session is still there :( My client even rebooted his machine and he is still logged in to the site.

If I set the expire_date in the Rack::Session::Pool it works, but then the cookie becomes persistent. I want the user's session to expire when he closes the browser regardless of expiration date (the worst-case scenario is a user on a public computer or in a LAN house).

I've already been working on this for 2 days. I looked in the Rack source and I tried setting the other variables in the Rack::Session::Abstract, but with no success until now.

For now I set the session to expire in 5 minutes to minimize the problem, but this is not a good solution since the user is still exposed for 5 minutes since his last request (if the user doesn't hit the logout button).

This is my cookie configuration:

app = MyApp.new
sessioned = Rack::Session::Pool.new(app,
                                    :domain => DOMAIN,
                                    :expire_after => 5 * 60)
run sessioned

Maybe I'm missing something here. Does anyone know what could be the problem? Or had the same problem? Or any link?

Cheers,

Jonas

Jonas Fagundes
  • Are you sure the user is still logged in? Or is the browser just re-displaying the page as it was last opened (if you refresh, do you get redirected to the login page?) – cam Dec 30 '10 at 22:54
  • I found the problem here: http://stackoverflow.com/questions/777767/firefox-session-cookies – Jonas Fagundes Jan 03 '11 at 23:16

1 Answer


Remove the :expire_after and it stops the session persisting when the browser is closed.

stef
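
The answer above drops :expire_after so the browser receives a session cookie. The following added example (not code from the question or the answer) keeps the 5-minute idle limit on the server side instead, so a cookie that the browser keeps or restores stops mapping to a logged-in session. IdleTimeout and the 'last_seen' key are hypothetical names; MyApp and DOMAIN come from the question.

```ruby
# Added example. IdleTimeout and the 'last_seen' key are hypothetical names,
# not part of Rack or Sinatra.
class IdleTimeout
  KEY = 'last_seen' # session key holding the time of the previous request

  # app:   downstream Rack app
  # limit: allowed idle time in seconds
  # clock: callable returning the current time as an Integer (injectable)
  def initialize(app, limit: 5 * 60, clock: -> { Time.now.to_i })
    @app = app
    @limit = limit
    @clock = clock
  end

  def call(env)
    session = env['rack.session']
    if session
      now = @clock.call
      last = session[KEY]
      # Stale session: wipe it on the server, so a cookie the browser kept
      # or restored no longer maps to a logged-in user.
      session.clear if last && now - last.to_i > @limit
      session[KEY] = now
    end
    @app.call(env)
  end
end

# config.ru wiring (MyApp and DOMAIN as in the question):
#   use Rack::Session::Pool, :domain => DOMAIN  # no :expire_after
#   use IdleTimeout, limit: 5 * 60
#   run MyApp.new

# Constructed demo: a plain Hash stands in for the Pool-backed session.
def demo_idle_timeout
  now = 1_000
  app = ->(env) { [200, {}, [env['rack.session']['user'].to_s]] }
  stack = IdleTimeout.new(app, limit: 300, clock: -> { now })
  env = { 'rack.session' => { 'user' => 'jonas' } }
  first = stack.call(env)[2].first   # fresh login
  now += 200
  second = stack.call(env)[2].first  # 200 s idle, within the limit
  now += 301
  third = stack.call(env)[2].first   # 301 s idle, session cleared
  [first, second, third]
end
```

The middleware must sit below the session middleware in the stack so that env['rack.session'] is already populated when it runs.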