Fixed logout on stale bug

Author: binarylogic

lib/authlogic/session/session.rb

@@ -6,7 +6,7 @@ module Session
     module Session
       def self.included(klass)
         klass.after_save :update_session, :if => :persisting?
-        klass.after_destroy :reset_session, :if => :persisting?
+        klass.after_destroy :update_session, :if => :persisting?
         klass.after_find :update_session, :if => :persisting? # to continue persisting the session after an http_auth request
       end
 
@@ -36,16 +36,9 @@ def session_credentials
           [controller.session[session_key], controller.session["#{session_key}_id"]].compact
         end
 
-        def reset_session
-          controller.session[session_key] = nil
-          controller.session["#{session_key}_id"] = nil
-        end
-        
         def update_session
-          if record
-            controller.session[session_key] = record.send(persistence_token_field)
-            controller.session["#{session_key}_id"] = record.send(record.class.primary_key)
-          end
+          controller.session[session_key] = record && record.send(persistence_token_field)
+          controller.session["#{session_key}_id"] = record && record.send(record.class.primary_key)
         end
     end
   end

test/session_tests/timeout_test.rb

@@ -40,8 +40,12 @@ def test_stale
       set_session_for(ben)
       session = UserSession.find
       assert !session.stale?
-      session.record.last_request_at = 3.years.ago
+      
+      ben.update_attribute(:last_request_at, 3.years.ago)
+      session = UserSession.find
       assert session.stale?
+      assert_nil @controller.session["user_credentials"]
+      assert_nil @controller.session["user_credentials_id"]
       UserSession.logout_on_timeout = false
     end
 
@@ -55,6 +59,7 @@ def test_stale_find
       assert session.stale?
 
       ben.update_attribute(:last_request_at, Time.now)
+      set_session_for(ben)
       session = UserSession.find
       assert !session.stale?
     end