Setting session timeout in Rails 3

Question

This seems simple: I am trying to get my rails Active Record session to timeout after 2 minutes. So after two minutes I want my users to have to re-login.

I'm just running rails server (i.e. WebBrick) on my local dev machine.

I know this is something to do with the following code in config/initalizers/session_store.rb, but I don't think I have quite nailed it:

CodedOn::Application.config.session_store :active_record_store  CodedOn::Application.configure do     config.action_controller.session = {:expire_after => 2.minutes} end 

This doesn't seem to work, or at least my session doesn't appear to timeout. I can't find much about the Rails 3 way to do this as I know things have changed from Rails 2.x.

Can some one help me out?

Answer 1

I think you will have to do this manually since the active record store does not implement the expire_after option. So within your (I assume) before filter, you should do this:

def authenticate   if session[:logged_in]     reset_session if session[:last_seen] < 2.minutes.ago     session[:last_seen] = Time.now   else     ... authenticate     session[:last_seen] = Time.now   end end 

Obviously, this is not complete, but it should give you the basic idea.

UPDATE:

It seems that the functionality IS present in rails since version 2.3. I found the relevant code here. This is AbstractStore which should serve as base class for all derived ones. So, as dadooda suggests, the following should work:

Some::Application.config.session_store :active_record_store, {   expire_after: 24.hours, } 

Answer 2

I did this in simple way you can try this:

In your config/initializers/session_store.rb just do this:

Yourapp::Application.config.session_store :cookie_store,                                               :key => "_yourapp_session",                                              :expire_after => 2.minutes 

This is working for me finely, hope works for you also.