@ -9,6 +9,7 @@ Warden::Manager.after_set_user except: :fetch do |user, warden|
value : session_id ,
value : session_id ,
expires : 1 . year . from_now ,
expires : 1 . year . from_now ,
httponly : true ,
httponly : true ,
secure : ( Rails . env . production? || ENV [ 'LOCAL_HTTPS' ] == 'true' ) ,
same_site : :lax ,
same_site : :lax ,
}
}
end
end
@ -19,6 +20,7 @@ Warden::Manager.after_fetch do |user, warden|
value : warden . cookies . signed [ '_session_id' ] || warden . raw_session [ 'auth_id' ] ,
value : warden . cookies . signed [ '_session_id' ] || warden . raw_session [ 'auth_id' ] ,
expires : 1 . year . from_now ,
expires : 1 . year . from_now ,
httponly : true ,
httponly : true ,
secure : ( Rails . env . production? || ENV [ 'LOCAL_HTTPS' ] == 'true' ) ,
same_site : :lax ,
same_site : :lax ,
}
}
else
else
@ -227,6 +229,10 @@ Devise.setup do |config|
# If true, extends the user's remember period when remembered via cookie.
# If true, extends the user's remember period when remembered via cookie.
# config.extend_remember_period = false
# config.extend_remember_period = false
# Options to be passed to the created cookie. For instance, you can set
# secure: true in order to force SSL only cookies.
config . rememberable_options = { secure : true }
# ==> Configuration for :validatable
# ==> Configuration for :validatable
# Range for password length.
# Range for password length.
config . password_length = 8 .. 72
config . password_length = 8 .. 72
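Review bot: The cookies this commit touches now follow two different rules for the Secure attribute: both Warden hooks (`after_set_user` and `after_fetch`) compute `secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')`, while the `Devise.setup` hunk hard-codes `config.rememberable_options = { secure: true }`. With the environment-name test, an HTTPS deployment whose Rails environment is not `production` (a staging host, for example) would still issue the one-year session-id cookie without Secure unless `LOCAL_HTTPS` is set there, and on a plain-HTTP development setup browsers generally will not store the remember cookie, so remember-me can look broken locally. I would make the decision once near the top of the initializer, e.g. `secure_cookies = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'`, use it in all three places, and add a comment naming the environments expected to serve HTTPS. Both hook bodies start and end outside their hunks, so the cookie name and any remaining options are not visible here.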