jmrp

Reputation: 65

How to set timeout for rails HTTP authentication?

I am using Rails HTTP digest authentication on some of my website's controllers. It is working fine for my purpose, but it times out very quickly.

How can I adjust the timeout parameter for HTTP digest authentication? How can I implement logout for HTTP basic authentication?

Thanks,

Upvotes: 0

Views: 1212

Answers (1)

Max

Reputation: 2112

If a user leaves the site, or closes their browser, etc., and you would like them to stay logged in:

In your SessionsController:

def create
  member = Member.find_by_user_name(params[:user_name])
  if member && member.authenticate(params[:password])
    session[:member_id] = member.id
    if params["remember_me"] == "1"
      # Persistent cookie; 720000 seconds is roughly 8.3 days
      cookies[:digest] = {:value => member.password_digest, :expires => Time.now + 720000}
    else
      cookies[:digest] = nil
    end
    redirect_to url_to_go_to_after_login, :notice => "Logged in!"
  else
    redirect_to login_url, :alert => "Invalid email or password"
  end
end

How to log out a user:

def destroy
  # Clear both the session and the remember-me cookie
  session[:member_id] = nil
  cookies[:digest] = nil
  redirect_to url_to_go_to_after_logout, :notice => "Logged out!"
end

How to log in a user from the remember-me cookie:

def new
  # Skip the lookup when no cookie was sent, so a nil value never matches a row
  if cookies[:digest].present? && (member = Member.find_by_password_digest(cookies[:digest]))
    session[:member_id] = member.id
    redirect_to url_to_go_to_after_login, :notice => "Hello #{member.first_name}"
  end
end

To set the expire time for later (should work in Rails > 2.3, https://github.com/rails/rails/blob/2-3-stable/actionpack/lib/action_controller/session/abstract_store.rb#L175):

Your::Application.config.session_store :active_record_store, {
  key: "your_session_id",
  domain: ".your-domain.com",
  expire_after: 48.hours,
}

Upvotes: 1
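
The remember-me cookie in the answer above carries `member.password_digest` itself, so anyone who reads the cookie holds the password hash and a login credential that stays valid until the password changes. The sketch below is an added example, not code from the answer or from Rails: it issues a random token per login, stores only its SHA-256 server-side, and enforces expiry and logout on the server. `RememberStore`, its in-memory table, and the `selector.secret` cookie layout are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# In-memory stand-in for a remember_tokens table (hypothetical schema, constructed).
class RememberStore
  Row = Struct.new(:member_id, :token_digest, :expires_at)

  def initialize
    @rows = {} # selector => Row
  end

  # Returns the cookie value. Only a SHA-256 of the random secret is stored,
  # and nothing in the cookie is derived from the password.
  def issue(member_id, ttl: 720_000, now: Time.now)
    selector = SecureRandom.hex(8)
    secret = SecureRandom.urlsafe_base64(32)
    @rows[selector] = Row.new(member_id, Digest::SHA256.hexdigest(secret), now + ttl)
    "#{selector}.#{secret}"
  end

  # Returns the member id for a valid, unexpired cookie, otherwise nil.
  def verify(cookie, now: Time.now)
    selector, secret = cookie.to_s.split(".", 2)
    row = @rows[selector]
    return nil if row.nil? || secret.nil?
    if now >= row.expires_at
      @rows.delete(selector) # expiry is enforced server-side, not by the browser
      return nil
    end
    constant_time_eq?(Digest::SHA256.hexdigest(secret), row.token_digest) ? row.member_id : nil
  end

  # Logout: delete every token for the member so copied cookies stop working.
  def revoke_all(member_id)
    @rows.delete_if { |_, row| row.member_id == member_id }
  end

  private

  # Compares without an early exit on the first differing byte.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a controller, the value returned by `issue` would be set as the cookie with the `:httponly` and `:secure` options alongside `:expires`, and `destroy` would call `revoke_all` in addition to clearing the cookie.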
