Persistent Active Sessions
Janko Marohnić edited this page Nov 14, 2024 · 1 revision
If you're using the `active_sessions` feature, you may want sessions to persist beyond browser close. It might be tempting to reach for the `remember` feature, but that doesn't play as well with `active_sessions` as you might expect. When an active session expires or gets deleted, if the login is remembered and the remember token is still valid, the user will simply be logged back in automatically from the remember cookie. This defeats remotely logging out sessions on other devices.
Instead of using the `remember` feature, you're probably better off making the whole Rails session cookie long-lived. You can do so by passing `:expire_after` when configuring the session store:

```ruby
Rails.application.config.session_store :cookie_store, expire_after: 14.days
```
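
The following is an added example, not code from Rodauth or rodauth-rails: a simplified model of the two setups described above, showing that deleting an active session logs the device out only when no remember cookie is present. The `Server` class, its methods and the account id are constructed for illustration and do not reflect Rodauth's schema or API.

```ruby
require "securerandom"

# Simplified model of the server-side state (constructed for illustration;
# not Rodauth's implementation or schema).
class Server
  def initialize
    @active_sessions = {}  # session_id => account_id
    @remember_tokens = {}  # remember token => account_id
  end

  # Log in and return the cookies the browser would hold afterwards.
  def login(account_id, remember:)
    cookies = { session_id: new_session(account_id) }
    if remember
      token = SecureRandom.hex(16)
      @remember_tokens[token] = account_id
      cookies[:remember] = token
    end
    cookies
  end

  # "Log out that device" issued from elsewhere: delete the active session row.
  def revoke(session_id)
    @active_sessions.delete(session_id)
  end

  # Handle one request; returns the authenticated account id or nil.
  def authenticate(cookies)
    account_id = @active_sessions[cookies[:session_id]]
    return account_id if account_id
    cookies.delete(:session_id) # session is no longer active
    account_id = @remember_tokens[cookies[:remember]]
    return nil unless account_id
    cookies[:session_id] = new_session(account_id) # autologin from remember cookie
    account_id
  end

  private
  def new_session(account_id)
    SecureRandom.hex(16).tap { |id| @active_sessions[id] = account_id }
  end
end

# Is the device still logged in on its next request after a remote logout?
def logged_in_after_remote_logout?(remember:)
  server = Server.new
  cookies = server.login(42, remember: remember)
  server.revoke(cookies[:session_id])
  !server.authenticate(cookies).nil?
end
```

With `remember: true` the device is authenticated again on its next request; with `remember: false` (the long-lived session cookie alone) the remote logout holds.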