search for: expire_after

...t- check me in that hopefully it''s just something I''ve missed along the way. I need the application to automatically shut down an active session after 15 minutes of inactivity. My understanding is that this is accomplished, in 2.3.5, with ActionController::Base.session_options [:expire_after]. In the code snippet below (currently in config/initializers/ session_store.rb), I''m forcing this behavior if RAILS_ENV isn''t development (because in development I don''t want this going on - it''s annoying to have to relog after making UI/CSS/markup changes ever...

Helllo there, Can any one help me on this "Session Expiry" I just want to make the session expire when the system goes idle how do i do it yours , Narayanan.cj. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

Upgrading a Rails app from 2.2 to 2.3.2 (via 2.3.0). Got things working in the browser, but script/console seems messed up in both 2.3.0 and 2.3.2: $ script/console Loading development environment (Rails 2.3.2) /Library/Ruby/Gems/1.8/gems/rails-2.3.2/lib/initializer.rb:56:in `env'':NameError: uninitialized constant Module::ActiveSupport

...r cookie-based sessions, then they give a fix for it for database-based sessions (which are now deprecated, apparently). I''m really confused. I want to be able to prevent an attacker from getting a cookie that gives him permanent access to my login-protected site. Obviously I can set :expire_after in initializers/session_store.rb, but unless I''m wrong that simply sets the expiration of the cookie which is client-side and easily altered by an attacker so the session can live forever. Of course I can make things better by forcing SSL, using secure cookies, and forcing HTTP only, b...

...} but I immediately get server failures because the cookie store needs them and is still active. I also tried replacing the config.action_controller.session_store = :active_record_store line with : ActionController::Base.session_store = :active_record_store ActionController::Base.session_options[:expire_after]=2.years after the initializer block in environment.rb, but it apparently had no effect, still the cookie_store turns on. So, any suggestions or guidance appreciated. ps. The reason I''m trying to switch is that I''m trying to get Facebook Connect to work via Facebooker, and appa...

I''m implementing simple "remember me" functionality for logging in users with Rails 2.3.4. I''m trying to set the session expiration date for some time in the future. After googling around a bit I found this post which seems to address my problem: http://squarewheel.pl/posts/3 My modifications to request.session_options are being ignored. According to this discussion (