Setting session timeout in Rails 3

I think you will have to do this manually since the active record store does not implement the expire_after option. So within your (I assume) before filter, you should do this:

def authenticate  if session[:logged_in]    reset_session if session[:last_seen] < 2.minutes.ago    session[:last_seen] = Time.now  else    ... authenticate    session[:last_seen] = Time.now  endend

Obviously, this is not complete, but it should give you the basic idea.

UPDATE:

It seems that the functionality IS present in rails since version 2.3. I found the relevant code here. This is AbstractStore which should serve as base class for all derived ones. So, as dadooda suggests, the following should work:

Some::Application.config.session_store :active_record_store, {  expire_after: 24.hours,}

I did this in simple way you can try this:

In your config/initializers/session_store.rb just do this:

Yourapp::Application.config.session_store :cookie_store,                                              :key => "_yourapp_session",                                             :expire_after => 2.minutes

This is working for me finely, hope works for you also.

You have to do it manually. Here's an example of creating a class method for ActiveRecord sessions. You can use Rufus-Scheduler and/or DelayedJob to regularly call this.

class Session < ActiveRecord::Base  def self.sweep(time = 1.hour)    if time.is_a?(String)      time = time.split.inject { |count, unit| count.to_i.send(unit) }    end    delete_all "updated_at < '#{time.ago.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'"  endend

More background on why it's important: http://guides.rubyonrails.org/security.html#session-expiry