heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
24.02k stars 5.55k forks source link

How to Expire Session IDs in Cookies for Active Admin? #5647

Open YannRocha opened 1 year ago

YannRocha commented 1 year ago

hello

I'm facing an issue with the session management in my web application. I've noticed that the session ID stored in a cookie doesn't seem to expire, which poses a security risk. If someone obtains this session ID, they can potentially log in to Active Admin.

I'm using Ruby on Rails with the Active Admin gem for my application.

My questions are:

Why isn't the session ID expiring as expected? How can I force the session ID to expire after a certain period of inactivity? Are there any additional security measures I should consider to prevent unauthorized access to Active Admin? I appreciate any guidance or solutions to help me address this issue and improve the security of my application. Thank you in advance!