Geek Answers Handbook

Can you use Devise: timeoutable and: remembered at the same time?

And if so, how do they differ, what is possible?

And if not, why do both exist? Why not have one without the other? If you do not have: timeoutable, then the session is automatically remembered. If you do not: remember, then the session is automatically disconnected.

http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable

http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable

+8
ruby-on-rails devise
source share
1 answer

In my understanding / experience, which is not much, I see that:

The timeout function is intended for users with an open browser who may be absent from the keyboard, and you want the session to end for security reasons in minutes.

The Remember Me feature is intended for users who return daily or weekly, and you do not want them to go through the login process each time. That way you can remember them (something about weeks or months). It seems that this does not work as expected, so remember that I work as expected when I completely close the browser application (tested in Firefox), if the user closes the tab and opens a new tab, it does not need log in again, even if they asked not to remember.

As a final thought, I understand that memorizing is useless when using a timeout.

0
source share

More articles:


All Articles