Remove session_expire from User
This does make it possible to manually edit your remember-me timeout, but remember-me should be a convenience and not a security feature. Writing an updated expiry to the DB on every request just when we've switched to cookie-based sessions seems counterproductive.
Showing with 20 additions and 46 deletions.
|@@ -0,0 +1,9 @@|
|+class RemoveSessionExpireFromUsers < ActiveRecord::Migration|
|+ def self.up|
|+ remove_column :users, :session_expire|
|+ def self.down|
|+ add_column :users, :session_expire, :datetime|
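Review bot: `self.down` re-adds `session_expire` as a bare `:datetime` column, so a rollback restores the schema but not the per-user expiry values that `remove_column :users, :session_expire` dropped in `self.up`; every row comes back NULL. If the pre-change code interprets a NULL expiry as either "never expires" or "already expired", rolling back changes session behaviour for all users at once. Suggest a comment in the migration stating that the data loss is intentional, or having `down` raise `ActiveRecord::IrreversibleMigration` if the older code cannot cope with empty values. Since the commit message accepts that the remember-me timeout becomes editable by the client, it would also help to say where, if anywhere, a server-side upper bound on session lifetime is now enforced.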