AuthLogic perishable_token resets on every request

Question

In my User model I have:

acts_as_authentic do |c|
  c.perishable_token_valid_for = 30.minutes
end

In my Application Controller I have the standard boilerplate code:

def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.record
end

Now in my view I need to see if a user is logged in:

<% if current_user %>
  Sign Out
<% else %>
  Sign In
<% end %>

On every single request, current_user is being called, and that causes a SELECT call to be made to the database to find the user, then an UPDATE call that updates the last_request_at and perishable_token even though I set perishable_token_valid_for = 30.minutes.

1. Does anyone have a better way to see if a user is logged in without causing a SELECT and UPDATE on every single page of my app.

2. Does anyone know why the perishable token keeps updating even if I set it to be valid for 30 minutes???

Answer 1

perishable_token_valid_for isn't doing what you think it is. It's intended to work in tandem with find_using_perishable_token which is intended for things like account validation and resetting a forgotten password. The default timeout is 10 minutes.

The token is supposed to update on every request like it's doing. You can just remove the column if you don't want it. It's completely optional with authlogic.

If you really do want to keep the perishable token but update it completely by hand, you can do disable_perishable_token_maintenance = true