how to timeout a session in rails 2.3.9

I am running a rails 2.3.9 app and I cannot seem to make the session expire.

I have tried the :expires_after => in the environment.rb and it works in webrick, but crashes on nginx with passenger.

Is there a way in the application controller or somewhere else that I can set a session variable to timeout after a certain amount of time ?

thanks for any tips

I am running a rails 2.3.9 app

Unsupported, known insecure version of Rails (and probably Ruby) --
have you considered upgrading? :slight_smile:

I have tried the :expires_after => in the environment.rb and it works in
webrick, but crashes on nginx with passenger.

That should be :expire_after according to the doc; which are you
actually using?

i cannot really upgrade. I would love too, but i have a bazillion lines of code for this version running.
you were right. terminology was wrong expire_after not expires…

tested and working now, thanks very much !

sk

At the VERY least, you should upgrade to Rails 2.3.18 as there were security fixes in every one of those 9 updates (some of them quite serious!).

Speaking as someone who also has a client with many lines of code running in a Rails 2.3.18 framework-based application, you can really upgrade (a little bit).

-Rob

i cannot really upgrade. I would love too, but i have a bazillion lines of
code for this version running.

At the very least consider upgrading to 2.3.18 (last in the line) for
the security fixes. You'll see deprecation warnings but your code
should work as is.

Also, assuming you're on Ruby 1.8.7, consider moving to the 1.4.x
branch of Rubinius, which is 1.8.7 compatible and still maintained.

you were right. terminology was wrong expire_after not expires..
tested and working now, thanks very much !

Great, good to hear.

So expires_after worked correctly in webrick. Very strange.

Colin

Thanks to all on the upgrade to .18
will do this over the weekend.

thanks again to all

sk