How to set rails session cookie expiration time to "session"

ruby-on-rails ruby session session-timeout
Lanbo picture Lanbo · Oct 14, 2012 · Viewed 22.4k times · Source

I'm not very experienced with the parts of Rails that are not on the surface.

All I want is to have a session cookie that has the expiration set to session so it expires when the user leaves their browser or whatever. As a security measurement.

Answer

Roman picture Roman · Oct 14, 2012

By default the cookie is a session cookie. You have complete control over the cookie by providing an options hash in config/initializers/session_store.rb . The options are the same as to Rack::Session::Cookie(see docs). So for example, for a specific expiration date you can provide :expire_after .

If you're using Devise, and rememberable strategy, then there's another cookie which can be used in order to retrieve the user.

Related questions

Rails: Access to current_user from within a model in Ruby on Rails

I need to implement fine-grained access control in a Ruby on Rails app. The permissions for individual users are saved in a database table and I thought that it would be best to let the respective resource (i.e. the …

Read More
Rails sessions current practices

Anyone have any "best practices" tips for Rails and sessions? The default session type for Rails 3 is still CookieStore, right? I used SqlSessionStore for a while and it worked well, but I may move away from that in favor of …

Read More
How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More