Rails Idle Session Timeout

when you deal with privacy related data during a session then it is important to timeout these session since it happens to often that a session stays open. there a lot of examples how to “reuse” an open session.

sometimes it is nessecary to have different timeout for different parts of the system. you can do this with

class MyController
  def idle_session_timeout
    Configuration.instance.user_idle_session_timeout
  end
  . . . 
end 

or you want to bind your admin session to the IP of the admin:

class MyAdminController
  before_filter :check_session_ip_binding  
  . . . 
end 

or you do not want any session timeout

class MyAdminController
  skip_before_filter :check_session
  . . . 
end 

in Gemfile add gem ‘ixtlan-session-timeout’

for the configuration add for example in config/initializers/session-timeout.rb. without that the default idle timeout is 15 minutes.

Rails.application.config.idle_session_timeout = 30 #minutes

the ixtlan gem provides a setup generator which adds configuration examples for this gem in config/initializer/ixtlan.rb (the dynamic configuration is part of the ixtlan gem and it is just easier to keep that inside that gem !!!)

if that gem is present and loaded than any timeout will be log with the help of Ixtlan::Audit::UserLogger