Skip to content

Sessions never expire #154

Description

@heroturtle

cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }

Use a reasonable expiry:

cookies.signed[:session_token] = {
value: @session.id,
httponly: true,
expires: 30.days.from_now,
same_site: :lax,
secure: Rails.env.production?
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions