Menu
And if so, how are they different that that is possible?
And if not, why do both exist? Why not have one without the other? If you don't have :timeoutable, then the session is automatically remembered. If you don't have :rememberable, then the session automatically times out.
http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable
http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable
450
Timeout:
last_request_at is saved in the session and checked very time before processing a request.last_sign_in_at in User model (which is used to set the last_request_at session variable). Please refer trackable hook in devise, the flow is easy to track.Remember Me:
remember_user_token is stored as a cookie in the browser along with remember_me_created_at attribute in the devise model (User) in your database. remember_me? is called before each action to determine whether to continue without signing in.Both in place:
If both timeout and rememberable is enabled in your application then rememberable overwrites the timeout flow.
Here, you can see that sign_out happens after timeout only when proxy.remember_me_is_active?(record) is not true.
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
