From a5eddb534f6c7a76acff9c2e54d394e4697d9fd4 Mon Sep 17 00:00:00 2001 From: Iain Beeston Date: Fri, 27 Feb 2015 10:29:44 +0000 Subject: [PATCH] Explained how to set session expiry through session_store config Most session stores offer an :expire_after option, but it's largely undocumented. Cookie store also supports a number of options via rack (these used to be documented in rails 2.3) --- .../action_dispatch/middleware/session/cache_store.rb | 9 ++++++--- .../action_dispatch/middleware/session/cookie_store.rb | 10 ++++++++++ .../middleware/session/mem_cache_store.rb | 4 ++++ 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/actionpack/lib/action_dispatch/middleware/session/cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb index 625050dc4b172..857e49a682e1f 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cache_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb @@ -2,12 +2,15 @@ module ActionDispatch module Session - # Session store that uses an ActiveSupport::Cache::Store to store the sessions. This store is most useful + # A session store that uses an ActiveSupport::Cache::Store to store the sessions. This store is most useful # if you don't store critical data in your sessions and you don't need them to live for extended periods # of time. + # + # ==== Options + # * cache - The cache to use. If it is not specified, Rails.cache will be used. + # * expire_after - The length of time a session will be stored before automatically expiring. + # By default, the :expires_in option of the cache is used. class CacheStore < AbstractStore - # Create a new store. The cache to use can be passed in the :cache option. If it is - # not specified, Rails.cache will be used. def initialize(app, options = {}) @cache = options[:cache] || Rails.cache options[:expire_after] ||= @cache.options[:expires_in] diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index ed25c67ae50ce..d8f9614904be3 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -52,6 +52,16 @@ module Session # JavaScript before upgrading. # # Note that changing the secret key will invalidate all existing sessions! + # + # Because CookieStore extends Rack::Session::Abstract::ID, many of the + # options described there can be used to customize the session cookie that + # is generated. For example: + # + # Rails.application.config.session_store :cookie_store, expire_after: 14.days + # + # would set the session cookie to expire automatically 14 days after creation. + # Other useful options include :key, :secure and + # :httponly. class CookieStore < Rack::Session::Abstract::ID include Compatibility include StaleSessionCheck diff --git a/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb index b4d6629c35de0..cb19786f0bb53 100644 --- a/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb @@ -8,6 +8,10 @@ module ActionDispatch module Session + # A session store that uses MemCache to implement storage. + # + # ==== Options + # * expire_after - The length of time a session will be stored before automatically expiring. class MemCacheStore < Rack::Session::Dalli include Compatibility include StaleSessionCheck