forked from fedi/mastodon
Extend Devise remember_me longevity to 1 year instead of 2 weeks (#4587)
Force SSL only cookies for remember_me, adjust confirmation expiration time to fit with the user cleanup scheduler
parent 3d47154c20
commit 40be4ea239
|
@ -154,7 +154,7 @@ Devise.setup do |config|
|
||||||
# their account can't be confirmed with the token any more.
|
# their account can't be confirmed with the token any more.
|
||||||
# Default is nil, meaning there is no restriction on how long a user can take
|
# Default is nil, meaning there is no restriction on how long a user can take
|
||||||
# before confirming their account.
|
# before confirming their account.
|
||||||
# config.confirm_within = 3.days
|
config.confirm_within = 2.days
|
||||||
|
|
||||||
# If true, requires any email changes to be confirmed (exactly the same way as
|
# If true, requires any email changes to be confirmed (exactly the same way as
|
||||||
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
||||||
|
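Review bot: config.confirm_within = 2.days has no comment saying where the 2 days comes from. The commit message ties it to the user cleanup scheduler, but nothing at this line does, so the two values can drift apart unnoticed. Add a comment next to the setting that names the scheduler, or have both read one shared constant. The setting was previously commented out, and the comment above it says the default nil means no restriction, so this also turns an unlimited window into a hard 2-day one. Confirmation tokens already issued and older than that will stop working, which deserves a line in the commit message.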
@ -167,7 +167,7 @@ Devise.setup do |config|
|
||||||
|
|
||||||
# ==> Configuration for :rememberable
|
# ==> Configuration for :rememberable
|
||||||
# The time the user will be remembered without asking for credentials again.
|
# The time the user will be remembered without asking for credentials again.
|
||||||
# config.remember_for = 2.weeks
|
config.remember_for = 1.year
|
||||||
|
|
||||||
# Invalidates all the remember me tokens when the user signs out.
|
# Invalidates all the remember me tokens when the user signs out.
|
||||||
config.expire_all_remember_me_on_sign_out = true
|
config.expire_all_remember_me_on_sign_out = true
|
||||||
|
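Review bot: config.remember_for = 1.year stretches the lifetime of a credential-equivalent cookie from 2 weeks to a year, and the only invalidation visible in this hunk is config.expire_all_remember_me_on_sign_out = true, which depends on the user actively signing out. A token copied from a lost or shared device therefore stays usable for up to a year if the owner never signs out. Before merging, confirm that a password change or reset also invalidates outstanding remember-me tokens and that users have some way to revoke other sessions, and record that reasoning in the comment above the setting so the 1-year value is not read as an arbitrary choice.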
@ -177,7 +177,7 @@ Devise.setup do |config|
|
||||||
|
|
||||||
# Options to be passed to the created cookie. For instance, you can set
|
# Options to be passed to the created cookie. For instance, you can set
|
||||||
# secure: true in order to force SSL only cookies.
|
# secure: true in order to force SSL only cookies.
|
||||||
# config.rememberable_options = {}
|
config.rememberable_options = { secure: true }
|
||||||
|
|
||||||
# ==> Configuration for :validatable
|
# ==> Configuration for :validatable
|
||||||
# Range for password length.
|
# Range for password length.
|
||||||
|
|
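Review bot: config.rememberable_options = { secure: true } is set unconditionally, so on any instance reached over plain HTTP (a local development setup, for example) the remember-me cookie is never sent back and the feature fails silently. If non-HTTPS environments are meant to keep working, key the flag off the same condition the app uses to enforce HTTPS rather than hard-coding true. If HTTPS is mandatory everywhere, say so in the comment above the line. The secure flag is the right default for a cookie that now lives for a year.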