Devise Remember Me and Sessions

Question

I\'m confused with the devise gem config settings:

  # The time the user will be remembered without asking for credentials again.
  config.remember_for = 2.w         


        

Answer 1

The information in previous answers is outdated. I've tested my project, which uses Rails 4 and Devise 3.5.1 and also checked devise code to be sure.

Now it looks whether Remember Me checkbox was checked:

• if yes, it checks if remember_exists_and_not_expired, so basically uses config.remember_for for session management

• if no, it checks if last_access <= timeout_in.ago, using config.timeout_in correspondingly