authlogic failed_login_count

Reading time ~1 minute

Magic Columns failed_login_count 有点类似 rails的 created_at updated_at

选项 consecutive_failed_logins_limit

默认是 50

reset 机制

session/base.rb 的验证

      validate :reset_failed_login_count, if: :reset_failed_login_count?

exceeded_failed_logins_limit? 是否超过了最大登录限制

being_brute_force_protected? 这个method可以看到默认是2个小时

https://github.com/binarylogic/authlogic/blob/b204c8dcc01f0047386a7a8cefa671a05c50f6c1/lib/authlogic/session/base.rb#L591-L599

comments powered by Disqus