Expiring Sessions
This brief snippet will show you how to expire a user's session after a certain period of time.
Published on: October 16, 2015
HEADS UP! This article was designed for Rails versions prior to 6.0 and Ruby 1.x. It may not be compatible with newer versions of Rails and/or Ruby.
Introduction
To improve user security, we may wish to expire a user's session after a given period of inactivity. To do this, we set the expire_after parameter when setting up the session store. For example:
config/initializers/session_store.rb:
Rails.application.config.session_store :cookie_store, key: '_Example_session', expire_after: 15.minutes
The line above expires the session after 15 minutes of inactivity. This means that the user's session variables are wiped once 15 minutes have passed since the user last accessed the Rails application. If the user refreshes the page, the timer restarts.
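The same sliding 15-minute window can also be checked on the server by keeping a last-activity timestamp inside the session. The following is an added example in plain Ruby, not code from the original article or from Rails; the IdleTimeout module, the :last_seen_at key and the sample timeline are assumptions made for illustration.

```ruby
# Added example: sliding idle timeout enforced on the server side.
# IdleTimeout, IDLE_LIMIT and :last_seen_at are hypothetical names.
module IdleTimeout
  IDLE_LIMIT = 15 * 60 # seconds; mirrors expire_after: 15.minutes

  # Checks and refreshes the idle timer on every request.
  # `session` is any Hash-like object (in Rails, the controller's `session`).
  # Returns :fresh (no timer yet), :active (within the limit) or :expired.
  def self.touch(session, now: Time.now)
    last_seen = session[:last_seen_at]
    status =
      if last_seen.nil?
        :fresh
      elsif !last_seen.is_a?(Integer) || last_seen > now.to_i
        :expired # malformed or future timestamp: fail closed
      elsif now.to_i - last_seen >= IDLE_LIMIT
        :expired
      else
        :active
      end
    # Wipe all session variables on expiry (in Rails, call reset_session).
    session.clear if status == :expired
    # Store an Integer so the value survives session serialization unchanged.
    session[:last_seen_at] = now.to_i
    status
  end
end

# Constructed timeline: four requests against one session.
def idle_timeout_demo
  t0 = Time.at(1_700_000_000)
  session = { user_id: 42 }
  [
    IdleTimeout.touch(session, now: t0),           # first request starts the timer
    IdleTimeout.touch(session, now: t0 + 14 * 60), # 14 min idle: timer restarts
    IdleTimeout.touch(session, now: t0 + 28 * 60), # 14 min since last request
    IdleTimeout.touch(session, now: t0 + 43 * 60), # 15 min idle: session wiped
    session.key?(:user_id)                         # login state is gone
  ]
end

p idle_timeout_demo if __FILE__ == $PROGRAM_NAME
```

In a Rails controller this check would run in a before_action, redirecting to the login page when it returns :expired.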
That's it! Thanks for reading!