Enable Devise timeoutable module

Expire the user session after 1 hour of inactivity. Timeoutable uses the FlashHash as global storage which causes issues when displaying flash messages. The workaround is to skip non String values. More info on heartcombo/devise#1777
hmcts · Mar 30, 2020 · 654f650 · 654f650
1 parent b5044a0
commit 654f650
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -16,7 +16,8 @@ class User < ActiveRecord::Base
          :validatable,
          :invitable,
          :registerable,
-         :confirmable
+         :confirmable,
+         :timeoutable
 
   scope :active, -> { where('current_sign_in_at >= ?', inactivate_date) }
   scope :inactive, (lambda do

diff --git a/app/views/layouts/application.html.slim b/app/views/layouts/application.html.slim
@@ -26,6 +26,7 @@
             .govuk-error-summary__body
               ul.govuk-list.govuk-error-summary__list
                 - flash.each do |key, value|
+                  - next unless value.is_a? String
                   li class="#{key}" data-alert='' #{value.html_safe}
 
 

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -189,7 +189,7 @@
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 1.hour
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false