How to set rails session cookie expiration time to "session"

Lanbo picture Lanbo · Oct 14, 2012 · Viewed 22.4k times · Source

I'm not very experienced with the parts of Rails that are not on the surface.

All I want is to have a session cookie that has the expiration set to session so it expires when the user leaves their browser or whatever. As a security measurement.

Answer

Roman picture Roman · Oct 14, 2012

By default the cookie is a session cookie. You have complete control over the cookie by providing an options hash in config/initializers/session_store.rb . The options are the same as to Rack::Session::Cookie(see docs). So for example, for a specific expiration date you can provide :expire_after .

If you're using Devise, and rememberable strategy, then there's another cookie which can be used in order to retrieve the user.