I'm facing an issue with the session management in my web application. I've noticed that the session ID stored in a cookie doesn't seem to expire, which poses a security risk. If someone obtains this session ID, they can potentially log in to Active Admin.
I'm using Ruby on Rails with the Active Admin gem for my application.
My questions are:
Why isn't the session ID expiring as expected? How can I force the session ID to expire after a certain period of inactivity? Are there any additional security measures I should consider to prevent unauthorized access to Active Admin? I appreciate any guidance or solutions to help me address this issue and improve the security of my application. Thank you in advance!
hello
I'm facing an issue with the session management in my web application. I've noticed that the session ID stored in a cookie doesn't seem to expire, which poses a security risk. If someone obtains this session ID, they can potentially log in to Active Admin.
I'm using Ruby on Rails with the Active Admin gem for my application.
My questions are:
Why isn't the session ID expiring as expected? How can I force the session ID to expire after a certain period of inactivity? Are there any additional security measures I should consider to prevent unauthorized access to Active Admin? I appreciate any guidance or solutions to help me address this issue and improve the security of my application. Thank you in advance!