search

mikker / passwordless

🗝 Authentication for your Rails app without the icky-ness of passwords
MIT License
1.28k stars 89 forks source link

Session Expires at is wrongly used #38

Closed avinoth closed 5 years ago

avinoth commented 5 years ago

Noticed this while doing #37

We are checking the session expiry time here - https://github.com/mikker/passwordless/blob/master/app/controllers/passwordless/sessions_controller.rb#L48 whereas it should use timeout_at. And, the expires_at should maybe used in the authenticate_by_cookie method instead. Correct me if I'm wrong, I may have misunderstood. If not, let me know, happy to send a PR.

mikker commented 5 years ago

You're right. Good catch! PR is very welcome, thank you!