Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A simple dynamic session expiry/timeout plugin for Rails
Branch: master
Failed to load latest commit information.
tasks Initial import
Rakefile Initial import
init.rb We need to explicitly require the session_timeout file or Rails won't…


UPDATE: Despite its age, this plugin still works with Rails 2 - if you have any problems, send me a message.


::: Overview

SessionTimeout is a Rails plugin that lets you set a session timeout for each new request.

This enables you to timeout a user's session if they are idle for a certain length of time.

With Rails built-in session options, you can set a specific session expiry time however in production mode this expiry time is set just the once. This is fine if you are setting your expiry time far in the future (and therefore you are likely to restart your server processes by that time) but if you want to set your timeout in the near future, your session expiry will soon be a date/time in the past - this will cause a new session to be created for every new request resulting in disaster.

::: Usage

Install the plugin the usual way, then in your ApplicationController, specify the timeout duration by using the session_times_out_in() function. The function takes two parameters - how long you want the idle time to be before your session expires in seconds, and a hash of options.


class ApplicationController
	session_times_out_in 600

Sometimes it may be necessary to run a piece of application logic when your session times out - this could be a redirect, some kind of clean up routine, authentication or many other things. You can specify this timeout callback as a symbol, referring to a method in your ApplicationController, or as a Proc. If you specify a Proc, it will be passed an instance of the current controller. Simply set the after_timeout option as follows.

Example with a method:

class ApplicationController
	session_times_out_in 600, :after_timeout => :do_something
	def do_something "HELLO, IVE TIMED OUT!"

Example with a Proc:

class ApplicationController
	session_times_out_in 600, :after_timeout => { |controller| controller.do_something_else }
	def	do_something_else, "HELLO IVE TIMED OUT!"

Finally, don't forget you can use Rails' built-in number extensions to specify the timeout:

session_times_out_in 5.minutes
session_times_out_in 1.hour

::: Contact

Luke Redpath <> or Jonathan Conway <>

Agile Evolved Open Source
Something went wrong with that request. Please try again.