By default a signed or encrypted cookie is only valid for a day, unless a :max_age is specified.
On investigation, this is talking about the validity of the signature, not of the cookie itself. I attempted to clarify that :max_ageof the cookie is unset by default, which produces a session cookie.
I was a bit confused by this statement:
On investigation, this is talking about the validity of the signature, not of the cookie itself. I attempted to clarify that
:max_age
of the cookie is unset by default, which produces a session cookie.