when you deal with privacy related data during a session then it is important to timeout these session since it happens to often that a session stays open. there a lot of examples how to “reuse” an open session.
sometimes it is nessecary to have different timeout for different parts of the system. you can do this with
class MyController def idle_session_timeout Configuration.instance.user_idle_session_timeout end . . . end
or you want to bind your admin session to the IP of the admin:
class MyAdminController before_filter :check_session_ip_binding . . . end
or you do not want any session timeout
class MyAdminController skip_before_filter :check_session . . . end
in Gemfile add gem ‘ixtlan-session-timeout’
for the configuration add for example in config/initializers/session-timeout.rb. without that the default idle timeout is 15 minutes.
Rails.application.config.idle_session_timeout = 30 #minutes
the ixtlan gem provides a setup generator which adds configuration examples for this gem in config/initializer/ixtlan.rb (the dynamic configuration is part of the ixtlan gem and it is just easier to keep that inside that gem !!!)
if that gem is present and loaded than any timeout will be log with the help of Ixtlan::Audit::UserLogger