This note describes how to kick a user out of a Rails application after she hasn't requested an action for a while. Note that this is different from deleting sessions some time after the last login, which is the default.

UI/UX Design by

We make sure that your target audience has the best possible experience with your digital product. You get:

• Design tailored to your audience
• Proven processes customized to your needs
• An expert team of experienced designers

Read more Show archive.org snapshot

Also note that this is probably a bad idea. Most sites keep sessions alive forever because having to sign in again and again is quite inconvenient for users and makes your conversion rates go down the toilet. The Clearance default is to keep sessions around for one year (and should be much longer).

Anyway, let's assume you're designing an online banking site, you are using Clearance Show archive.org snapshot for authentication, and you need to kick people out of your system after idling for one hour. You want to make this Cucumber feature go green:

Scenario: Users are kicked out of the system after one hour of inactivity
  When I sign in
    And it is 50 minutes later
    And I go to the homepage
  Then I should be signed in
  When it is 65 minutes later
    And I go to the homepage
  Then I should not be signed in

Configure your Clearance in config/initializers/clearance.rb like this:

Clearance.configure do |config|
  # ...
  config.cookie_expiration = lambda { 1.hour.from_now.utc }
end

Now run a before filter for every incoming request that refreshes the cookie's expiration date:

class ApplicationController < ActionController::Base
  include Clearance::Authentication

  before_filter :refresh_authentication

  def refresh_authentication
    sign_in(current_user)
  end

end

The feature should be green now.