0

As mentioned in chapter 8 of Ruby on Rails Guide by Michael Hartl a session gets deleted when the browser window is closed. I have tried using both Chrome and Firefox but the session does not gets deleted.

I am using the following login helper function:

def log_in user  
  session[:user_id]=user.id  
end

and the session_store.rb file contains the following code:

Rails.application.config.session_store :cookie_store, key: '_sample_app_session'

I figured out that for a particular expiration time 

:expire_after => 60.minutes

can be used but what is to be done if we want to expire the session as soon as the browser window is closed?

Aman Khare
  • 43
  • 5
  • Since you are using cookie store, you might wanna check the cookie's expiration settings. – xlembouras Mar 05 '16 at 10:56
  • where to check cookie's expiration setting? – Aman Khare Mar 05 '16 at 11:00
  • Try `:expire_after => nil`. [Source](http://stackoverflow.com/a/32630220/157328) – Leventix Mar 05 '16 at 11:50
  • @Leventix - this is a default value. – BroiSatse Mar 05 '16 at 11:53
  • @Leventix: https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L195 – BroiSatse Mar 05 '16 at 12:02
  • That value [goes into the cookie's expires](https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L351) where `nil` means expire when browser is closed. It might be easier to try setting a simple cookie and checking DevTools Network tab for the `Set-Cookie` header. – Leventix Mar 05 '16 at 12:08
  • 1
    wait a second: by "browser window is closed" you mean there are other open windows of the same browser? That would explain it, as cookies without expiry are deleted when the browser application is closed (i.e. the browser session ends). – Leventix Mar 05 '16 at 12:11
  • @Leventix by saying "browser window is closed" i meant "browser application is closed" and i tried using :expire_after => nil , it is not working. I even tried restarting the rails server after i closed the browser application then too it is showing the same logged in session which should have expired. – Aman Khare Mar 05 '16 at 12:21
  • @Aman Khare: make sure you also clear the cookies before you do a new test; changing the Rails config might not affect cookies that have already been set – Leventix Mar 05 '16 at 12:43
  • @Leventix I did that too. – Aman Khare Mar 05 '16 at 12:49
  • Are by any chance using Chrome and have the "Remember where I left off" setting on? [see this answer](http://stackoverflow.com/questions/10617954/chrome-doesnt-delete-session-cookies) – Ammar Alammar Mar 05 '16 at 16:13

0 Answers0