I would like to build a rake task or a tool to destroy all active sessions that is called from CLI when I want and on every night at around 9:00 pm or so.
I found that Devise has the ability to specify a timeout. I use Devise for user sessions. About a third of my users' sessions never time out, despite their system remaining inactive for over one hour.
I don't know what kind of job I need. Feedback would be a plus. Also maybe some links to documentation. Additionally, I can't figure out how to target sessions to destroy them. Rails guides and so on are not clear regarding if it destroys one user's session or all server-client sessions. I need all client-server sessions to be de-activated. Documentation is great, but I like some good explanation.
You could store your secret_key in an ENV variable. In fact, you should try to keep your secret_token away from source control. So you should have an ENV variable that you can change at runtime. Like this:
YourApp::Application.config.secret_token = ENV['SECRET_TOKEN']
To create a secure token you should use SecureRandom.hex(64).
But anyway, if all you want is track when users visit the site, you could create a before_filter that runs before certain actions. A simple example would be:
class ApplicationController < ActionController::Base
before_filter :save_time_of_last_visit
def save_time_of_last_visit
current_user.touch(:last_sign_in_at) if user_signed_in?
end
end