Setting session length with Devise

About

Asked 1/2, 2011 at 19:53 Answered 7/12, 2016 at 11:23

My sessions with devise timeout after 1-3 hours of non-use (not sure exactly how long). How can I adjust this?

I've looked over the docs and can't seem to find a setting for this.

Buseck answered 1/2, 2011 at 19:53 Comment(0)

Look in config/initializers/devise.rb. There are a lot of configuration settings including config.timeout_in. The default in my version is 30 minutes. You can also set it on the model itself:

class User < ActiveRecord::Base
  devise :timeoutable, :timeout_in => 15.minutes

You can now also set the timeout dynamically.

Dittman answered 1/2, 2011 at 20:44 Comment(1)

Is it safe to set it to 2 weeks for example? – Sandpaper 25/9, 2017 at 16:22

With Rails4, the better thing to follow is:

In models/user.rb: Add :timeoutable to already existing list of devise modules.

class User < ActiveRecord::Base
  devise :timeoutable
end

In config/initializers/devise.rb: Set the timeout parameter.

Devise.setup do |config|
  config.timeout_in = 3.hours
end

Mammiemammiferous answered 13/12, 2015 at 15:55 Comment(0)

Global:

class User < ActiveRecord::Base
  devise (...), :timeoutable
end

Devise.setup do |config|
  config.timeout_in = 3.hours
end

Also it's possible to set timeout_in option dynamically

class User < ActiveRecord::Base
  devise (...), :timeoutable

  def timeout_in
    if self.admin? 
      1.year
    else
      2.days
    end
  end
end

Faultfinder answered 7/12, 2016 at 11:23 Comment(1)

Yes! Except perhaps you'd want to reverse the times there. Better to make users with more privileges authenticate more frequently... – Fixate 14/9, 2017 at 1:41

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags