On 30 Dec 2011, at 19:54, Robert Walker wrote:
>>> Devise will expire session in the time that you put in
>>> 'config/initializers/devise.rb' with
>>>
>>> config.timeout_in = 5.minutes
>>>
>>> but this won't redirect your app automatically to the login page,
>>> so,
>>> you would need some javascript function to solve this.
>>
>> Alternatively, just include a meta-refresh tag in every page
>> pointing to
>> your login page, with the appropriate timeout as the refresh
>> interval.
>
> I would also advise planning ahead to remove this "feature" when your
> client begs you to, since the users will all hate it.
So true. We were asked this question for some freelance work a few
years back, in fact, they insisted on having that "feature" for
security reasons. It took them exactly one week to beg us to take it
away again. 5 minutes pass so quickly: you have a phone call, you get
a coffee and bump into a colleague, …
Best regards
Peter De Berdt
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
No comments:
Post a Comment