UCB Rails Session Timeout

Rails gem that provides configurable session timeouts and warning notifications. When users are inactive, they receive a warning dialog and can choose to extend their session or be logged out.

Features

  • Configurable timeout and warning periods
  • Native HTML dialog warning
  • Automatic session tracking
  • No external dependencies
  • Supports Rails 7+

Installation

gem "ucb_rails_session_timeout"

Ruby Setup

Add to your ApplicationController:

class ApplicationController < ActionController::Base
  include UcbRailsSessionTimeout

  ...
end

By default, the warning popup will appear after 13 minutes, the session will timeout after 15 minutes, and the current page will reload (which should fail, as the user should already be logged out). You can customize any/all of these behaviors by creating an initializer and changing the values:

# config/initializers/ucb_rails_session_timeout.rb

UcbRailsSessionTimeout.configure do |config|
  # timeout length as a duration - default is 15.minutes
  config.timeout_length = 20.minutes

  # warning length as a duration: the warning will popup this length of time before the timeout - default is 2.minutes
  config.warning_length = 5.minutes

  # the URL to redirect to when the session times out - default is the current URL
  # for more reliable behavior, set this to a path that will actually log the user out
  config.redirect_url = "/logout"
end

If you want to do something besides redirecting the user after the session times out, you can override the handle_session_timeout method in the ApplicationController and implement whatever behavior you'd like:

class ApplicationController < ActionController::Base
  ...

  def handle_session_timeout
    logger.info "Session timed out"
    redirect_to "/login", alert: "You have been logged out"
  end

  ...
end

JavaScript Setup (optional)

If you don't want the popup warning, you can skip this step.

Propshaft setup

Import the timer so it's available to the view.

// app/javascript/application.js
import { ActivityTimer } from "@ucb_rails_session_timeout/activity_timer"

Sprockets setup

Add this to your application.js

//= require ucb_rails_session_timeout

Add the popup script to your view

The ucb_rails_session_timeout_script helper will insert a JavaScript snippet that initializes the timer for the popup. Call the helper from anywhere in your view layer (e.g. your application layout file):

= ucb_rails_session_timeout_script()

Most likely, you'll only want the popup warning on pages where the user is actually logged in:

- if current_user.present?
  = ucb_rails_session_timeout_script()

Styling

The warning dialog uses the native HTML <dialog> element with a CSS class .ucb-rails-session-timeout-dialog. You can use the class in your CSS files as a hook to style the dialog however you'd like:

.ucb-rails-session-timeout-dialog {
  /* override dialog styles */
}

If you're using Bootstrap with SASS, you can use the @extend feature to integrate Bootstrap's modal styles:

.ucb-rails-session-timeout-dialog {
  @extend .modal;

  header {
    @extend .modal-header;
  }

  main {
    @extend .modal-body;
  }

  footer {
    @extend .modal-footer;

    button {
      @extend .btn;
      @extend .btn-primary;
    }
  }
}