Closed bcasci closed 1 year ago
mikker
commented
1 year ago Passwordless can't remember longer than Rails does. Did you try this?
https://github.com/mikker/passwordless/issues/102#issuecomment-903159197
1.0 should fix this by removing just controlling token expiration.
bcasci
commented
1 year ago Yes...that was the missing link! Thank you. Oh, and remembering to restart the servers too ;). It's easy to over look this detail after years of using the typical Rails authentication libraries which generally obscure you from having to configure session options.
I have the the timeout_at and expires_at set at the default settings. From What I understand, this means the session is good for 1 year and a magic link is good for 1 hour. However when I am logged in, I am eventually asked to log back in after a time. What could I missing? Are sessions invalidated after a period of inactivity?