session_expiration.rdoc

doc/session_expiration.rdoc
Last Update: 2016-04-09 12:41:36 -0700

Documentation for Session Expiration Feature

The session expiration feature allows setting an inactivity timeout and a max lifetime for sessions. When this feature is used, you should use rodauth.check_session_expiration at the top (or other appropriate place) in your routing tree.

route do |r|
  rodauth.check_session_expiration
  r.rodauth

  # ...
end

When checking session expiration, if the last activity was more than the inactivity timeout, or the session was created more the maximum lifetime ago, the session is cleared, and the user is redirected to the login page.

Auth Value Methods

max_session_lifetime

The maximum number of seconds since session creation that sessions will be valid for, regardless of session activity. 86400 by default (1 day).

session_created_session_key

The session key storing the session creation timestamp.

session_expiration_default

Whether to expire sessions that don't have the created at or last activity at timestamps set, true by default.

session_expiration_error_flash

The flash error to show if a session expires.

session_expiration_redirect

Where to redirect if a session expires.

session_inactivity_timeout

The maximum number of seconds allowed since the last activity before the session will be considered invalid. 1800 by default (30 minutes).

session_last_activity_session_key

The session key storing the last session activity timestamp.