Reputation:
Do you know how to configure a timeout on the :token_authenticatable strategy in Devise on Rails?
I set both :timeoutable and :token_authenticatable:
    devise :database_authenticatable, :registerable,
           :recoverable, :trackable, :validatable, :timeoutable,
           :token_authenticatable, :lockable
If I log in with username and password, the timeout is correctly taken into account and I am asked to log in again, while the token I set when I log in does not time out and is always valid until I do a proper logout (as I set a current_user.reset_authentication_token! in the destroy method). Is there an easy way to set a token timeout that is not too intrusive (i.e. modifying the Devise code) and without a hack (i.e. having a cron job that regularly checks the last sign_in and resets the token if necessary)?
Thanks
Upvotes: 0
Views: 570
Reputation: 1197
I did a similar thing with rake tasks:
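    namespace :app_name do
      desc "reset all auth_tokens"
      task :reset_auth => :environment do
        # Rotate every user's token; find_each loads users in batches
        # (User.find(:all) is not available on current Rails versions).
        User.find_each do |user|
          user.reset_authentication_token!
        end
      end
    end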
And then cron:
    rake app_name:reset_auth
Upvotes: 1
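An alternative to the cron reset, as an added example that is not from either post: record when the token was last used and expire it at lookup time, so a stale token is rejected and rotated on its next use. TokenUser, TOKEN_TTL and token_last_used_at are hypothetical names; in a Rails app they would be the model, a setting and a timestamp column, and this is plain Ruby, not Devise's own API.

```ruby
require "securerandom"

# Hypothetical stand-in for a User record (assumption, not Devise code).
class TokenUser
  TOKEN_TTL = 30 * 60 # seconds of allowed inactivity; assumed value

  attr_reader :authentication_token, :token_last_used_at

  def initialize(now = Time.now)
    reset_authentication_token!(now)
  end

  # Issue a fresh random token and restart the inactivity window.
  def reset_authentication_token!(now = Time.now)
    @authentication_token = SecureRandom.urlsafe_base64(32)
    @token_last_used_at = now
  end

  def token_expired?(now = Time.now)
    now - @token_last_used_at > TOKEN_TTL
  end

  # True only for the current token inside its window. A correct but
  # stale token is rotated immediately so it can never be replayed.
  def authenticate_token(candidate, now = Time.now)
    return false unless secure_equal?(candidate.to_s, @authentication_token)

    if token_expired?(now)
      reset_authentication_token!(now)
      return false
    end
    @token_last_used_at = now # sliding window, like a session timeout
    true
  end

  private

  # Constant-time comparison so response timing does not leak token bytes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Because expiry is enforced on every lookup, the token lifetime no longer depends on how often a scheduled job runs.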