Module: Devise::Models::SessionExpirable

Extended by:

ActiveSupport::Concern

Defined in:

lib/devise_session_expirable/model.rb

Overview

SessionExpirable verifies whether a user session has expired via the #session_expired? method.

Options

SessionExpirable adds the following options to devise_for:

• timeout_in: lifetime in seconds of an inactive user session

• default_last_request_at: age to assume for sessions with nil last_request_at

Examples

user.session_expired?(30.minutes.ago)

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .required_fields(klass) ⇒ Object

  :nodoc:.

Instance Method Summary

• #default_last_request_at ⇒ Object
• #session_expired?(last_access) ⇒ Boolean

  Accepts the time a session was last used and compares it to the oldest valid last_request_at date for a session.

• #timeout_in ⇒ Object

Class Method Details

.required_fields(klass) ⇒ Object

:nodoc:

# File 'lib/devise_session_expirable/model.rb', line 51

def self.required_fields(klass); []; end

Instance Method Details

#default_last_request_at ⇒ Object

# File 'lib/devise_session_expirable/model.rb', line 46

def default_last_request_at
  self.class.default_last_request_at
end

#session_expired?(last_access) ⇒ Boolean

Accepts the time a session was last used and compares it to the oldest valid last_request_at date for a session. If nil or any other falsy value is passed and the default_last_request_at option is configured, the configured value will be used for the comparison.

Supports the Devise rememberable module by deferring to #remember_expired? if the remember_created_at attribute is set.

Returns:

• (Boolean)

# File 'lib/devise_session_expirable/model.rb', line 36

def session_expired?(last_access)
  last_access ||= default_last_request_at
  return false if remember_exists_and_not_expired?
  !timeout_in.nil? && (!last_access || last_access <= timeout_in.ago)
end

#timeout_in ⇒ Object

# File 'lib/devise_session_expirable/model.rb', line 42

def timeout_in
  self.class.timeout_in
end