diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2017-08-12 16:30:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-12 16:30:59 +0200 |
commit | 40be4ea239d567845ddd0af204141fa2b7e22b15 (patch) | |
tree | ffd46664d3196eb9b8d9db9716df8017fbbc8386 /config | |
parent | 3d47154c206fcea8fc46e024ee11a40063a05023 (diff) |
Extend Devise remember_me longevity to 1 year instead of 2 weeks (#4587)
Force SSL only cookies for remember_me, adjust confirmation expiration time to fit with the user cleanup scheduler
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/devise.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index e6b0e90cb..64c4e12ff 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -154,7 +154,7 @@ Devise.setup do |config| # their account can't be confirmed with the token any more. # Default is nil, meaning there is no restriction on how long a user can take # before confirming their account. - # config.confirm_within = 3.days + config.confirm_within = 2.days # If true, requires any email changes to be confirmed (exactly the same way as # initial account confirmation) to be applied. Requires additional unconfirmed_email @@ -167,7 +167,7 @@ Devise.setup do |config| # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. - # config.remember_for = 2.weeks + config.remember_for = 1.year # Invalidates all the remember me tokens when the user signs out. config.expire_all_remember_me_on_sign_out = true @@ -177,7 +177,7 @@ Devise.setup do |config| # Options to be passed to the created cookie. For instance, you can set # secure: true in order to force SSL only cookies. - # config.rememberable_options = {} + config.rememberable_options = { secure: true } # ==> Configuration for :validatable # Range for password length. |