commit: 40be4ea239d567845ddd0af204141fa2b7e22b15
parent: 3d47154c206fcea8fc46e024ee11a40063a05023
Author: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 12 Aug 2017 16:30:59 +0200
Extend Devise remember_me longevity to 1 year instead of 2 weeks (#4587)
Force SSL only cookies for remember_me, adjust confirmation
expiration time to fit with the user cleanup scheduler
Diffstat:
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -154,7 +154,7 @@ Devise.setup do |config|
# their account can't be confirmed with the token any more.
# Default is nil, meaning there is no restriction on how long a user can take
# before confirming their account.
- # config.confirm_within = 3.days
+ config.confirm_within = 2.days
# If true, requires any email changes to be confirmed (exactly the same way as
# initial account confirmation) to be applied. Requires additional unconfirmed_email
@@ -167,7 +167,7 @@ Devise.setup do |config|
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
- # config.remember_for = 2.weeks
+ config.remember_for = 1.year
# Invalidates all the remember me tokens when the user signs out.
config.expire_all_remember_me_on_sign_out = true
@@ -177,7 +177,7 @@ Devise.setup do |config|
# Options to be passed to the created cookie. For instance, you can set
# secure: true in order to force SSL only cookies.
- # config.rememberable_options = {}
+ config.rememberable_options = { secure: true }
# ==> Configuration for :validatable
# Range for password length.
