Rails 4: Session Expiry?
add this to your application controller:
before_filter :session_expires, :except => [:login, :logout]
before_filter :update_session_time, :except => [:login, :logout]
def session_expires
@time_left = (session[:expires_at] - Time.now).to_i
unless @time_left > 0
reset_session
flash[:error] = 'Lorem Ipsum.'
redirect_to :controller => 'foo', :action => 'bar'
end
end
def update_session_time
session[:expires_at] = 60.minutes.from_now
end
Actually rails inherits from Rack::Session::Cookie
.
So you can configure expire_after
parameter in your session_store.rb
.
Sqore::Application.config.session_store(
:cookie_store,
key: '_name_session',
expire_after: 24.hours
)
Rails has "tamper-proof" session cookies. To prevent session hash tampering, a digest is calculated from the session with a server-side secret and inserted into the end of the cookie. Just make sure you have a long secret. If you want to periodically reset all user sessions change your secret.
To answer your question, if you want to add an extra time-out to the session data you could do:
session[:user_id] = user.id
session[:expires_at] = Time.current + 24.hours
Then, when authenticating users, do:
if session[:expires_at] < Time.current
# sign out user
end
Hope that helps.