Does Rails provide default session time-out duration? If yes, where is it specified?

Question

I already know how to set expiry time duration in rails app, which has been documented very well on web. But what I want to know is what is the default time duration for ses

Answer 1

By definition, sessions will expire after the browser is closed, they do not have timeout. If you open Chrome dev tools and look at the expiration date, it will say "Session" there instead of the date/time.

Answer 2

Rails doesn't have a default expiration time. The method definition for session_store seems to have only one default:

On line 32 @session_store = :cookie_store

By default the other configurations are non existent. Therefore, :expire_after is not set and Rails' sessions don't have expiration time unless you set a value for it.

Answer 3

You can configure the application's session information in the initializer file

config/initializers/session_store.rb

For setting 30 minutes try the below code :

 YourApp::Application.config.session_store :cookie_store, 
    :key => '_my_session', 
    :expire_after => 30.minutes