18F · mitchellhenke · Feb 26, 2024 · Feb 26, 2024
diff --git a/app/controllers/concerns/remember_device_concern.rb b/app/controllers/concerns/remember_device_concern.rb
@@ -9,7 +9,7 @@ def save_remember_device_preference(remember_device_preference)
     return if remember_device_preference != '1' && remember_device_preference != 'true'
     cookies.encrypted[:remember_device] = {
       value: RememberDeviceCookie.new(user_id: current_user.id, created_at: Time.zone.now).to_json,
-      expires: remember_device_cookie_expiration,
+      expires: IdentityConfig.store.remember_device_expiration_hours_aal_1.hours.from_now,
     }
   end
 
@@ -83,12 +83,4 @@ def handle_valid_remember_device_analytics(cookie_created_at:)
       cookie_age_seconds: (Time.zone.now - cookie_created_at).to_i,
     )
   end
-
-  def remember_device_cookie_expiration
-    if IdentityConfig.store.set_remember_device_session_expiration
-      nil
-    else
-      IdentityConfig.store.remember_device_expiration_hours_aal_1.hours.from_now
-    end
-  end
 end
diff --git a/config/application.yml.default b/config/application.yml.default
@@ -309,7 +309,6 @@ session_timeout_in_minutes: 15
 session_timeout_warning_seconds: 150
 session_total_duration_timeout_in_minutes: 720
 ses_configuration_set_name: ''
-set_remember_device_session_expiration: false
 sp_handoff_bounce_max_seconds: 2
 show_unsupported_passkey_platform_authentication_setup: false
 show_user_attribute_deprecation_warnings: false

diff --git a/lib/identity_config.rb b/lib/identity_config.rb
@@ -448,7 +448,6 @@ def self.build_store(config_map)
     config.add(:session_timeout_in_minutes, type: :integer)
     config.add(:session_timeout_warning_seconds, type: :integer)
     config.add(:session_total_duration_timeout_in_minutes, type: :integer)
-    config.add(:set_remember_device_session_expiration, type: :boolean)
     config.add(:show_unsupported_passkey_platform_authentication_setup, type: :boolean)
     config.add(:show_user_attribute_deprecation_warnings, type: :boolean)
     config.add(:skip_encryption_allowed_list, type: :json)

diff --git a/spec/features/remember_device/cookie_expiration_spec.rb b/spec/features/remember_device/cookie_expiration_spec.rb
@@ -6,34 +6,12 @@
 
   let(:user) { user_with_2fa }
 
-  context 'with feature flag set' do
-    before do
-      allow(IdentityConfig.store).to receive(:set_remember_device_session_expiration).
-        and_return(true)
-    end
-
-    it 'expires the remember device cookie' do
-      sign_in_user_with_remember_device
-      expire_cookies
-      sign_in_user(user)
-
-      expect(current_url).to match(%r{/login/two_factor/})
-    end
-  end
-
-  context 'with feature flag unset' do
-    before do
-      allow(IdentityConfig.store).to receive(:set_remember_device_session_expiration).
-        and_return(false)
-    end
-
-    it 'does not expire the remember device cookie' do
-      sign_in_user_with_remember_device
-      expire_cookies
-      sign_in_user(user)
+  it 'does not expire the remember device cookie' do
+    sign_in_user_with_remember_device
+    expire_cookies
+    sign_in_user(user)
 
-      expect(current_url).to match(%r{/account})
-    end
+    expect(current_url).to match(%r{/account})
   end
 
   def sign_in_user_with_remember_device