The gem Devise is great for authentication for Rails applications.
https://github.com/heartcombo/devise
For some sensitive applications, you want to log out users aggressively.
For example: a banking app. You want users to re-login if inactive for more than 30 minutes but keep them logged in if active.
Add :rememberable and :timeoutable to the devise method on the model.
# app/models/user.rb
class User < ActiveRecord::Base
  devise :database_authenticatable,
         :rememberable,
         :timeoutable
end
The main configuration options to change are remember_for and timeout_in.
# config/initializers/devise.rb
Devise.setup do |config|
  # [...]

  # ==> Configuration for :rememberable
  # The time the user will be remembered without asking for credentials again.
  config.remember_for = 1.day

  # Invalidates all the remember me tokens when the user signs out.
  config.expire_all_remember_me_on_sign_out = true

  # ==> Configuration for :timeoutable
  # The time you want to timeout the user session without activity. After this
  # time the user will be asked for credentials again. Default is 30 minutes.
  config.timeout_in = 30.minutes

  # [...]
end
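Devise's timeoutable hook does not end an idle session while a valid "remember me" cookie is present, so with the settings above remember_for bounds how long a remembered user can stay idle. The plain-Ruby sketch below is an added example (not Devise's code and not part of the original post) that models that decision; its method names are hypothetical and times are in seconds.

```ruby
# Simplified model of the sign-out decision made on each request when both
# :timeoutable and :rememberable are enabled. Not Devise's source code.
# All method and constant names here are hypothetical; times are in seconds.

TIMEOUT_IN   = 30 * 60        # config.timeout_in   = 30.minutes
REMEMBER_FOR = 24 * 60 * 60   # config.remember_for = 1.day

# True once the gap since the last request reaches timeout_in.
def idle_too_long?(last_request_at, now)
  now - last_request_at >= TIMEOUT_IN
end

# True while a "remember me" cookie issued at remembered_at is still valid.
# remembered_at is nil when the user did not tick "remember me".
def remember_active?(remembered_at, now)
  !remembered_at.nil? && now < remembered_at + REMEMBER_FOR
end

# The session is ended only if it is idle AND no valid remember cookie exists.
def force_sign_in?(last_request_at, remembered_at, now)
  idle_too_long?(last_request_at, now) && !remember_active?(remembered_at, now)
end

# Replays request times (constructed sample data) and returns the time of the
# first request that is bounced to the sign-in page, or nil if none is.
def first_forced_sign_in(request_times, remembered_at: nil)
  last = request_times.first
  request_times.drop(1).each do |now|
    return now if force_sign_in?(last, remembered_at, now)
    last = now # each accepted request refreshes last_request_at
  end
  nil
end

MIN = 60
# Constructed timeline: active at 0, 10 and 35 min, idle until 70 min,
# then one more request 25 hours after sign-in.
REQUESTS = [0, 10 * MIN, 35 * MIN, 70 * MIN, 25 * 60 * MIN].freeze

if __FILE__ == $PROGRAM_NAME
  puts "no remember me:   #{first_forced_sign_in(REQUESTS).inspect}"
  puts "with remember me: #{first_forced_sign_in(REQUESTS, remembered_at: 0).inspect}"
end
```

If every user must be re-prompted after 30 idle minutes regardless of the checkbox, leave :rememberable off the model or do not offer the "remember me" option.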
That's all.
Please share. If you have any suggestions, please comment.