-
-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make sessions (actually) expire #8
Comments
Sure! I am keen to work on this. |
Hear are my thoughts so far: in sessions_controller.rb
In
What do you think? Is this what you had in mind? |
@mikker hey man, hope the new year is going well :-) I am curious if you had a chance to look this over? Do you want me to submit a PR? |
Yes, sorry, thanks! A PR is very welcome. Good thoughts so far. I have a few suggestions but the best way forward is maybe you getting as far as you can and then we work our way to the finish line together, bit by bit? |
Fixed in #10 |
Sessions don't expire right now. They get
expires_at
set to a year in the future but we don't really use that anywhere. It's meant to make the cookies expire at some point, forcing the user to sign in again. Probably a good idea.(NB: Expiry is different than timeout. Timeout is sign in using this token before. Expiry is sign user out automatically after)
Now, we could do this by setting an expiry on the cookie itself. But I'm not sure. I think I'd like to check it programmatically, so we can alert the user of the reason they need to sign in again, e.g Your session has expired, please sign in again. I think the best place to do this for now is in the sessions controller.
The text was updated successfully, but these errors were encountered: