Devise logout after 1 day or 30 minutes inactive

Devise logout after 1 day or 30 minutes inactive


1 min read

The gem Devise is great for authentication for Rails applications.

For some sensitive application, you want to logout the user aggressively.

For example: a banking app. You want users to re-login if inactive for more then 30 minutes but keep them logged in if active.

Add :rememberable and :timeoutable to the devise method on the model.

# app/models/user.rb

class User < ActiveRecord::Base
  devise :database_authenticatable,

The main configuration to change are: remember_for and timeout_in.

# config/initializers/devise.rb

Devise.setup do |config|
  # [...]

  # ==> Configuration for :rememberable
  # The time the user will be remembered without asking for credentials again.
  config.remember_for =

  # Invalidates all the remember me tokens when the user signs out.
  config.expire_all_remember_me_on_sign_out = true

  # ==> Configuration for :timeoutable
  # The time you want to timeout the user session without activity. After this
  # time the user will be asked for credentials again. Default is 30 minutes.
  config.timeout_in = 30.minutes

  # [...]

That's all ๐ŸŽ‰

Please share. If you have any suggestions, please comment.