views:

839

answers:

2

I'm using the restful_authentication plugin for my login page. The problem is that after I log in as a user, I never get logged out until I click on log out. How do I set a session timeout of 15 minutes? For example, after 15 minutes if I go to any page, I should be redirected to the login page.

+3  A: 

You can configure session expiration times in the config/intializers/session_store.rb file in rails 2.3.

Just add the following option:

:expire_after => 60.minutes

Alternatively, you can change expiration times per controller/action by using the following in a before_filter:

request.session_options = request.session_options.dup
request.session_options[:expire_after] = 5.minutes
request.session_options.freeze

These instructions were found at: http://squarewheel.pl/posts/3, which also has a link to a plugin for rails < 2.3.

Gdeglin
I'm actually referring to the restful_authentication plugin at http://github.com/technoweenie/restful-authentication/tree/master. If I want to set the cookies to expire in 15 minutes, where do I set it? Is there something I need to set on the authenticated_system.rb?
Max
A: 

Note that this only sets cookie expiration time, not server-checked session expiration time (at least with the plugin I wrote for rails <2.3). To achieve the latter you'd have to implement your own before_filter that checks a timestamp in the session and discards it if the time is above the acceptable limit. Again, I haven't checked if this is needed for >=2.3