Introduction

To improve user security, we may wish to expire the user's session after they are inactive for a given amount of time. In order to do this, we simply set the expire_after parameter when setting up our session store. For example:

config/initializers/session_store.rb:

Rails.application.config.session_store :cookie_store, key: '_Example_session', expire_after: 15.minutes

The line above would expire the session after 15 minutes of inactivity. This means that the user's session variables would get wiped once time reaches 15 minutes since the user last accessed the Rails application. If the user refreshes the page, the timer gets refreshed.

That's it! Thanks for reading!