How to make sure that session never expires

I want users logged in to my site to always be logged in, unless they
click logout. Like a permanent “Remember Me” feature. But session cookie
expires when the browser is closed. where can i configure that session
cookie should never expire?

thanks.

you can’t or atleast shouldn’t. If you want the data to never expire use
cookies instead.

On May 23, 2007, at 10:20 PM, Jigar G. wrote:

I want users logged in to my site to always be logged in, unless they
click logout. Like a permanent “Remember Me” feature. But session
cookie
expires when the browser is closed. where can i configure that session
cookie should never expire?

That’s because Rails by default sets no expiration date in the
session cookie. Just assign some date far in the future:

untested

config.action_controller.session :session_expires =>
10.years.from_now

– fxn

this is server’s session storage expiry time or, client’s cookie expiry
time?

Xavier N. wrote:

On May 23, 2007, at 10:20 PM, Jigar G. wrote:

I want users logged in to my site to always be logged in, unless they
click logout. Like a permanent “Remember Me” feature. But session
cookie
expires when the browser is closed. where can i configure that session
cookie should never expire?

That’s because Rails by default sets no expiration date in the
session cookie. Just assign some date far in the future:

untested

config.action_controller.session :session_expires =>
10.years.from_now

– fxn

On May 24, 2007, at 9:20 AM, Xavier N. wrote:

That’s because Rails by default sets no expiration date in the
session cookie. Just assign some date far in the future:

untested

config.action_controller.session :session_expires =>
10.years.from_now

Session expiration for me means session cookie expiration, in the
sense that’s what happens from the user’s view. A user maintains his
session as long as he has a cookie for your application. When the
browser deletes the cookie the session is gone.

Cleanup of expired sessions in the database or whatever storage you
use is a different issue in my view, and Rails has no automatic
mechanism to take care of them. A cron task that cleans up the
session storage is the canonical solution, for instance something like:

untested, 10 years was the expiration window in the config example

script/runner ‘Session.delete_all(“created_at < ?”, 10.years.ago)’

– fxn

It’s a server-side expiry time, but Session in Rails uses cookie to
identify the server-side data. So it depends on the cookie too.

But if your web application has sensitive data, and is accessible over
the Internet, it’s not a good practice to keep login sessions
forever!!!

HTH

  • H

On 5/24/07, Jigar G. [email protected] wrote:

expires when the browser is closed. where can i configure that session


Posted via http://www.ruby-forum.com/.


Husein C.
Yucca Intelligence Development
http://www.YuccaHQ.com

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs