mikker / passwordless

🗝 Authentication for your Rails app without the icky-ness of passwords
MIT License
1.26k stars 87 forks

Remembering the user from a saved cookie #102

Closed alessandrostein closed 3 years ago

alessandrostein commented 3 years ago

Hey 👋

We usually receive feedback from users who log in via smartphone (only mobile) using Passwordless but not saving a session for a short period (like 1 day), forcing the users to ask for a new code every time.

Is there an alternative like http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable, or is this not a recurring problem for your users?

mikker commented 3 years ago

Hi! Passwordless uses Rails' cookie-based session store already (docs), which uses Rack's own session storage: https://www.rubydoc.info/gems/rack/Rack/Session/Cookie

Have you tried bumping expires_after?

rickychilcott commented 3 years ago

Just to add a bit more to this, @alessandrostein -- https://github.com/mikker/passwordless#configuration might help you figure out how to bump the period higher. Something like Passwordless.expires_at = lambda { 3.months.from_now }

alessandrostein commented 3 years ago

> Just to add a bit more to this, @alessandrostein -- https://github.com/mikker/passwordless#configuration might help you figure out how to bump the period higher. Something like Passwordless.expires_at = lambda { 3.months.from_now }

Thanks for the explanation. My passwordless initializer had expires_at set to one year.

Passwordless.expires_at = lambda { 1.year.from_now } # How long until a passwordless session expires.

Could it be that this long period (1 year) is not supported?

alessandrostein commented 3 years ago

I was able to simulate this using Google Chrome on my Android smartphone. After closing the browser or restarting the Android system, we lost the session.

mikker commented 3 years ago

Thanks for chiming in, @rickychilcott! You're absolutely right. Just to avoid misunderstandings: We are talking about 2 settings. Passwordless.expires_at is set on every individual Passwordless::Session object, but if Rails' own session expires before that, it won't matter how long you set it to.

In, for example, config/initializers/session_store.rb:

Rails.application.config.session_store :cookie_store,
  expire_after: 1.year,
  # ...

alessandrostein commented 3 years ago

> Thanks for chiming in, @rickychilcott! You're absolutely right. Just to avoid misunderstandings: We are talking about 2 settings. Passwordless.expires_at is set on every individual Passwordless::Session object, but if Rails' own session expires before that, it won't matter how long you set it to.
>
> In, for example, config/initializers/session_store.rb:
>
> Rails.application.config.session_store :cookie_store,
>   expire_after: 1.year,
>   # ...

Just letting you know, folks: this is what I was looking for and it fixed my problem.

mikker commented 3 years ago

Glad you figured it out! Starting to think we should add this bit to the README too.

mzrnsh commented 2 years ago

My Rails 7 app was kicking out users after quitting their browser. Fixed it with @mikker's suggestion 🙏.

Since Passwordless defaults don't seem to play along nicely with Rails 7 defaults, maybe we should indeed add this to the README. Or change the default config to match Rails' approach, which [I think] is to expire the cookie when the browser session ends.
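
The interaction of the two settings discussed in this thread, as an added example that is not part of the original thread or of the Passwordless code base: it reads a Set-Cookie header to see whether the session cookie survives a browser restart, then takes the earlier of the cookie expiry and the Passwordless expiry. The cookie name `_app_session`, the sample headers and the helper names are constructed for illustration.

```ruby
require "time"

# Constructed sample data (not captured from a real app).
NOW      = Time.utc(2024, 1, 1)
ONE_YEAR = 365 * 24 * 3600
# Session cookie as sent when session_store is given no expire_after.
SESSION_ONLY = "_app_session=abc123; path=/; HttpOnly; SameSite=Lax"
# The same cookie when session_store is given expire_after: 1.year.
PERSISTENT = "_app_session=abc123; path=/; " \
             "expires=#{(NOW + ONE_YEAR).httpdate}; HttpOnly; SameSite=Lax"

# Split a Set-Cookie header value into lower-cased attribute names and values.
# Flag attributes such as HttpOnly map to nil.
def cookie_attributes(header)
  _pair, *attrs = header.split(";").map(&:strip)
  attrs.to_h do |attr|
    key, value = attr.split("=", 2)
    [key.downcase, value]
  end
end

# Time at which the browser drops the cookie, or nil when the cookie only
# lasts until the browser session ends (neither Max-Age nor Expires is set).
def cookie_expiry(header, now)
  attrs = cookie_attributes(header)
  if attrs["max-age"] # Max-Age takes precedence over Expires (RFC 6265)
    now + attrs["max-age"].to_i
  elsif attrs["expires"]
    Time.httpdate(attrs["expires"])
  end
end

# The sign-in ends at whichever limit is reached first: the browser dropping
# the Rails session cookie, or the Passwordless session's own expires_at.
def sign_in_ends(header, passwordless_expires_at, now)
  expiry = cookie_expiry(header, now)
  return :browser_close if expiry.nil?

  [expiry, passwordless_expires_at].min
end

# A one-year Passwordless expiry does not help while the cookie is session-only.
puts sign_in_ends(SESSION_ONLY, NOW + ONE_YEAR, NOW)
puts sign_in_ends(PERSISTENT, NOW + ONE_YEAR, NOW)
```
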