You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Basically they set the cookie_expiration to a short period of time, then call sign_in on any controller action. This way the user will only be logged out if they stop using the site.
This worked well for us, but it has one downside - every time a request is made, the existing CSRF token becomes invalid because rotate_csrf_on_sign_in is set to true. One example being if you have a download link on a page with a form, clicking the download will change the CSRF token and the user will not be able to submit the form.
Is it possible to update cookie_expiration manually instead of having to go through sign_in? Thanks!
The text was updated successfully, but these errors were encountered:
I didn't see a way to do this right now but found a workaround someone had developed.
Basically they set the
cookie_expirationto a short period of time, then callsign_inon any controller action. This way the user will only be logged out if they stop using the site.This worked well for us, but it has one downside - every time a request is made, the existing CSRF token becomes invalid because
rotate_csrf_on_sign_inis set to true. One example being if you have a download link on a page with a form, clicking the download will change the CSRF token and the user will not be able to submit the form.Is it possible to update
cookie_expirationmanually instead of having to go throughsign_in? Thanks!The text was updated successfully, but these errors were encountered: