I want users logged in to my site to always be logged in, unless they
click logout. Like a permanent “Remember Me” feature. But session cookie
expires when the browser is closed. where can i configure that session
cookie should never expire?
thanks.
you can’t or atleast shouldn’t. If you want the data to never expire use
cookies instead.
On May 23, 2007, at 10:20 PM, Jigar G. wrote:
I want users logged in to my site to always be logged in, unless they
click logout. Like a permanent “Remember Me” feature. But session
cookie
expires when the browser is closed. where can i configure that session
cookie should never expire?
That’s because Rails by default sets no expiration date in the
session cookie. Just assign some date far in the future:
untested
config.action_controller.session :session_expires =>
10.years.from_now
– fxn
this is server’s session storage expiry time or, client’s cookie expiry
time?
Xavier N. wrote:
On May 23, 2007, at 10:20 PM, Jigar G. wrote:
I want users logged in to my site to always be logged in, unless they
click logout. Like a permanent “Remember Me” feature. But session
cookie
expires when the browser is closed. where can i configure that session
cookie should never expire?
That’s because Rails by default sets no expiration date in the
session cookie. Just assign some date far in the future:
untested
config.action_controller.session :session_expires =>
10.years.from_now
– fxn
On May 24, 2007, at 9:20 AM, Xavier N. wrote:
That’s because Rails by default sets no expiration date in the
session cookie. Just assign some date far in the future:
untested
config.action_controller.session :session_expires =>
10.years.from_now
Session expiration for me means session cookie expiration, in the
sense that’s what happens from the user’s view. A user maintains his
session as long as he has a cookie for your application. When the
browser deletes the cookie the session is gone.
Cleanup of expired sessions in the database or whatever storage you
use is a different issue in my view, and Rails has no automatic
mechanism to take care of them. A cron task that cleans up the
session storage is the canonical solution, for instance something like:
untested, 10 years was the expiration window in the config example
script/runner ‘Session.delete_all(“created_at < ?”, 10.years.ago)’
– fxn
It’s a server-side expiry time, but Session in Rails uses cookie to
identify the server-side data. So it depends on the cookie too.
But if your web application has sensitive data, and is accessible over
the Internet, it’s not a good practice to keep login sessions
forever!!!
HTH
On 5/24/07, Jigar G. [email protected] wrote:
expires when the browser is closed. where can i configure that session
–
Posted via http://www.ruby-forum.com/.
–
Husein C.
Yucca Intelligence Development