Make auto-session-timeout compatible with Rails' protect_from_forgery
feature by adding a condition to prevent the session from being timed
out if the user is logging in. This condition is necessary because the
user will receive a 'CSRF token invalid' error if they try logging in
after they have been on the login page for longer than the configured
timeout value (i.e. the time specified by auto_session_timeout in
application_controller.rb).
Make auto-session-timeout compatible with Rails' protect_from_forgery feature by adding a condition to prevent the session from being timed out if the user is logging in. This condition is necessary because the user will receive a 'CSRF token invalid' error if they try logging in after they have been on the login page for longer than the configured timeout value (i.e. the time specified by auto_session_timeout in application_controller.rb).
^ description from https://github.com/pelargir/auto-session-timeout/pull/15
In addition: