Devise session for 1 day

Question

I am working on rails 4, one of my application i am using devise for authentication process. Everything is working properly and i want to do one thing. After user signed in that session would persist for 1 day or until user pressed sign out button. For example if i logged in on 8th March 2015 10AM it will automatically destroy session on 9th March 2015 10AM even though i am working on that time.

devise :timeoutable, :timeout_in => 24.hours

I used devise timeoutable(above code) but it taking 24 hours of inactivity.

config.timeout_in = 24.hours

In devise.rb i tried to configure that but its went vain again it taking user inactivity. If anyone knows better idea or code please share with me. Any information needed just add a comment i will edit my question. Thanks in advance.

Answer 1

timeout_in description in the devise.rb configuration file says:

The time you want to timeout the user session without activity. After this time the user will be asked for credentials again.

So that is not the time since login, but the time since any last user activity. That is not what you want.

To create sessions that really last exactly x hours, you could create a before_action filter in the ApplicationController that compares the current_sign_in_at time of the user with the current time. Something like (not tested):

# in controllers/application_controller.rb
before_action :check_max_session_time

def check_max_session_time
  redirect_to destroy_user_session_path if current_user.current_sign_in_at + 24.hours < Time.now
end

The timeout_in configuration should still be 24.hours, otherwise users will be logged out earlier.