Merge pull request 'Expire inactive sessions, optionally allow to stay signed in' (#82) from feature/8-session_timeouts into master

Reviewed-on: #82 Reviewed-by: galfert <garret.alfert@gmail.com>
2023-03-31 07:58:24 +00:00
parent f9b07bcb01 a8a8fba14c
commit 324809f77e
10 changed files with 66 additions and 29 deletions
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -186,13 +186,13 @@ Devise.setup do |config|

  # ==> Configuration for :rememberable
  # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
+  config.remember_for = 2.weeks

  # Invalidates all the remember me tokens when the user signs out.
  config.expire_all_remember_me_on_sign_out = true

  # If true, extends the user's remember period when remembered via cookie.
-  # config.extend_remember_period = false
+  config.extend_remember_period = true

  # Options to be passed to the created cookie. For instance, you can set
  # secure: true in order to force SSL only cookies.
@@ -210,7 +210,7 @@ Devise.setup do |config|
  # ==> Configuration for :timeoutable
  # The time you want to timeout the user session without activity. After this
  # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 30.minutes

  # ==> Configuration for :lockable
  # Defines which strategy will be used to lock an account.