I want users logged in to my site to always be logged in, unless they click logout. Like a permanent "Remember Me" feature. But session cookie expires when the browser is closed. where can i configure that session cookie should never expire? thanks. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
you can''t or atleast shouldn''t. If you want the data to never expire use cookies instead. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On May 23, 2007, at 10:20 PM, Jigar Gosar wrote:> I want users logged in to my site to always be logged in, unless they > click logout. Like a permanent "Remember Me" feature. But session > cookie > expires when the browser is closed. where can i configure that session > cookie should never expire?That''s because Rails by default sets no expiration date in the session cookie. Just assign some date far in the future: # untested config.action_controller.session :session_expires => 10.years.from_now -- fxn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
this is server''s session storage expiry time or, client''s cookie expiry time? Xavier Noria wrote:> On May 23, 2007, at 10:20 PM, Jigar Gosar wrote: > >> I want users logged in to my site to always be logged in, unless they >> click logout. Like a permanent "Remember Me" feature. But session >> cookie >> expires when the browser is closed. where can i configure that session >> cookie should never expire? > > That''s because Rails by default sets no expiration date in the > session cookie. Just assign some date far in the future: > > # untested > config.action_controller.session :session_expires => > 10.years.from_now > > -- fxn-- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On May 24, 2007, at 9:20 AM, Xavier Noria wrote:> > On May 23, 2007, at 10:20 PM, Jigar Gosar wrote: > >> I want users logged in to my site to always be logged in, unless they >> click logout. Like a permanent "Remember Me" feature. But session >> cookie >> expires when the browser is closed. where can i configure that >> session >> cookie should never expire? > > That''s because Rails by default sets no expiration date in the > session cookie. Just assign some date far in the future: > > # untested > config.action_controller.session :session_expires => > 10.years.from_nowSession expiration for me means session cookie expiration, in the sense that''s what happens from the user''s view. A user maintains his session as long as he has a cookie for your application. When the browser deletes the cookie the session is gone. Cleanup of expired sessions in the database or whatever storage you use is a different issue in my view, and Rails has no automatic mechanism to take care of them. A cron task that cleans up the session storage is the canonical solution, for instance something like: # untested, 10 years was the expiration window in the config example script/runner ''Session.delete_all("created_at < ?", 10.years.ago)'' -- fxn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
It''s a server-side expiry time, but Session in Rails uses cookie to identify the server-side data. So it depends on the cookie too. But if your web application has sensitive data, and is accessible over the Internet, it''s not a good practice to keep login sessions forever!!! HTH - H On 5/24/07, Jigar Gosar <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > this is server''s session storage expiry time or, client''s cookie expiry > time? > > Xavier Noria wrote: > > On May 23, 2007, at 10:20 PM, Jigar Gosar wrote: > > > >> I want users logged in to my site to always be logged in, unless they > >> click logout. Like a permanent "Remember Me" feature. But session > >> cookie > >> expires when the browser is closed. where can i configure that session > >> cookie should never expire? > > > > That''s because Rails by default sets no expiration date in the > > session cookie. Just assign some date far in the future: > > > > # untested > > config.action_controller.session :session_expires => > > 10.years.from_now > > > > -- fxn > > > -- > Posted via http://www.ruby-forum.com/. > > > >-- Husein Choroomi Yucca Intelligence Development http://www.YuccaHQ.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---