session_expiration.rdoc

doc/session_expiration.rdoc
Last Update: 2020-04-08 15:16:21 -0700

Documentation for Session Expiration Feature

The session expiration feature allows setting an inactivity timeout and a max lifetime for sessions. When this feature is used, you should use rodauth.check_session_expiration at the top (or other appropriate place) in your routing tree.

route do |r|
  rodauth.check_session_expiration
  r.rodauth

  # ...
end

When checking session expiration, if the last activity was longer ago than the inactivity timeout, or the session was created more than the maximum lifetime ago, the session is cleared, and the user is redirected to the login page.

Auth Value Methods

max_session_lifetime

The maximum number of seconds since session creation that sessions will be valid for, regardless of session activity. 86400 by default (1 day).

session_created_session_key

The session key storing the session creation timestamp.

session_expiration_default

Whether to expire sessions that don’t have the created-at or last-activity-at timestamps set. true by default.

session_expiration_error_flash

The flash error to show if a session expires.

session_expiration_error_status

The error status to use when a JSON request is made and the session has expired, 401 by default.

session_expiration_redirect

Where to redirect if a session expires.

session_inactivity_timeout

The maximum number of seconds allowed since the last activity before the session will be considered invalid. 1800 by default (30 minutes).

session_last_activity_session_key

The session key storing the last session activity timestamp.
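
The expiration rule described above, modelled as a stand-alone Ruby function to show how the inactivity timeout, the maximum lifetime and session_expiration_default interact. This is an added example, not Rodauth's own code: the function name expire_check, the two session key names and the sample timestamps are assumptions made for the illustration.

```ruby
# Added illustration; a model of the documented rule, not Rodauth's implementation.

# Values mirror the defaults documented on this page.
DEFAULTS = {
  session_inactivity_timeout: 1800,  # 30 minutes
  max_session_lifetime: 86_400,      # 1 day
  session_expiration_default: true
}.freeze

# Hypothetical session key names, chosen for this example only.
CREATED_KEY = "created_at"
LAST_ACTIVITY_KEY = "last_activity_at"

# Returns :expired (and clears the session) or :active (and refreshes
# the last-activity timestamp). `now` is a Unix timestamp in seconds.
def expire_check(session, now, opts = {})
  o = DEFAULTS.merge(opts)
  created = session[CREATED_KEY]
  last = session[LAST_ACTIVITY_KEY]

  expired =
    if created.nil? || last.nil?
      # Sessions without timestamps (for example, created before the
      # feature was enabled) follow session_expiration_default.
      o[:session_expiration_default]
    else
      now - last > o[:session_inactivity_timeout] ||
        now - created > o[:max_session_lifetime]
    end

  if expired
    session.clear
    :expired
  else
    session[LAST_ACTIVITY_KEY] = now if created && last
    :active
  end
end

if __FILE__ == $PROGRAM_NAME
  t0 = 1_700_000_000 # constructed sample timestamp
  busy = { CREATED_KEY => t0, LAST_ACTIVITY_KEY => t0 + 86_390 }
  # Active 11 seconds ago, yet past the maximum lifetime.
  puts expire_check(busy, t0 + 86_401)
end
```

The maximum lifetime applies even to a session that was active seconds ago, so continuous activity cannot keep a session alive past that limit.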