Explained how to set session expiry through session_store config

Most session stores offer an :expire_after option, but it's largely undocumented. Cookie store also supports a number of options via rack (these used to be documented in rails 2.3)
rails · Feb 27, 2015 · a5eddb5 · a5eddb5
1 parent 95546d4
commit a5eddb5
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/actionpack/lib/action_dispatch/middleware/session/cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb
@@ -2,12 +2,15 @@
 
 module ActionDispatch
   module Session
-    # Session store that uses an ActiveSupport::Cache::Store to store the sessions. This store is most useful
+    # A session store that uses an ActiveSupport::Cache::Store to store the sessions. This store is most useful
     # if you don't store critical data in your sessions and you don't need them to live for extended periods
     # of time.
+    #
+    # ==== Options
+    # * <tt>cache</tt>         - The cache to use. If it is not specified, <tt>Rails.cache</tt> will be used.
+    # * <tt>expire_after</tt>  - The length of time a session will be stored before automatically expiring.
+    #   By default, the <tt>:expires_in</tt> option of the cache is used.
     class CacheStore < AbstractStore
-      # Create a new store. The cache to use can be passed in the <tt>:cache</tt> option. If it is
-      # not specified, <tt>Rails.cache</tt> will be used.
       def initialize(app, options = {})
         @cache = options[:cache] || Rails.cache
         options[:expire_after] ||= @cache.options[:expires_in]

diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -52,6 +52,16 @@ module Session
     # JavaScript before upgrading.
     #
     # Note that changing the secret key will invalidate all existing sessions!
+    #
+    # Because CookieStore extends Rack::Session::Abstract::ID, many of the
+    # options described there can be used to customize the session cookie that
+    # is generated. For example:
+    #
+    #   Rails.application.config.session_store :cookie_store, expire_after: 14.days
+    #
+    # would set the session cookie to expire automatically 14 days after creation.
+    # Other useful options include <tt>:key</tt>, <tt>:secure</tt> and
+    # <tt>:httponly</tt>.
     class CookieStore < Rack::Session::Abstract::ID
       include Compatibility
       include StaleSessionCheck

diff --git a/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
@@ -8,6 +8,10 @@
 
 module ActionDispatch
   module Session
+    # A session store that uses MemCache to implement storage.
+    #
+    # ==== Options
+    # * <tt>expire_after</tt>  - The length of time a session will be stored before automatically expiring.
     class MemCacheStore < Rack::Session::Dalli
       include Compatibility
       include StaleSessionCheck