Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected session expiration in secondary device #454

Open
sseerrggii opened this issue Dec 12, 2018 · 5 comments
Open

Unexpected session expiration in secondary device #454

sseerrggii opened this issue Dec 12, 2018 · 5 comments
Assignees
@mperezv
Labels
help wanted

Comments

@sseerrggii
Copy link
Contributor

sseerrggii commented Dec 12, 2018
edited
Loading

I have been investigating why the session closes in the mobile app (webview).

After a bit of headache trying to find the pattern, I think I understood what is going on.

The problem happens when user check "remember me" on login: this is the default behaviour on mobile app. In DB is stored as REMEMBER CREATED AT date

After that if this user login on desktop and close the session on desktop REMEMBER CREATED AT field is reset to null, and the session on mobile will expire in 1 hour (devise config.timeout_in)

So is there a way to avoid this behaviour? We want to keep REMEMBER CREATED AT on app session.

I found this config in /config/initializers/devise.rb, I'm not sure if its the solution:

# Set this configuration to false if you want /users/sign_out to sign out
# only the current scope. By default, Devise signs out all scopes.
# config.sign_out_all_scopes = true

Extra

We want to persist the session on mobile app, the remembereable option is for 4.weeks so we need to update REMEMBER CREATED AT the next time the user interact with the app, I think this can be done also in /config/initializers/devise.rb

# If true, extends the user's remember period when remembered via cookie.
config.extend_remember_period

What do you think? @markets @mllocs @sauloperez @enricostano
@sseerrggii sseerrggii changed the title Unexpected session logout in secondary device Unexpected session expiration in secondary device Dec 12, 2018
@sauloperez
Copy link
Collaborator

I don't know how that column actually looks like in the DB and I'm not an expert on Devise myself but what you suggest of sign_out_all_scopes sounds good.

This was referenced Jan 2, 2019
Closed
Closed
@sseerrggii
Copy link
Contributor Author

Sadly don't work as expected 😞

config.sign_out_all_scopes is true but when I sign out session started without 'remember me' the REMEMBER CREATED AT is reset

Also I don't see that config.extend_remember_period refresh date on REMEMBER CREATED AT

Actually I'm not sure what is the behaviour expected of changing this variables. I didn't find it in Devise documentation https://www.rubydoc.info/github/plataformatec/devise/Devise/Models/Rememberable

@sauloperez
Copy link
Collaborator

Then we might need to check Devise's codebase

@mperezv mperezv self-assigned this Mar 12, 2020
@mperezv
Copy link
Collaborator

mperezv commented Apr 27, 2020

I think this matches with the behaviour described on this Devise's issue: heartcombo/devise#5212

@mperezv
Copy link
Collaborator

mperezv commented Apr 27, 2020

Also, I think we could have tried to set expire_all_remember_me to false but I found this other Devise's issue and it seems it wouldn't work: heartcombo/devise#5027

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mperezv mperezv

Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sauloperez @sseerrggii @mperezv