From 030eaa3078bf8786ae8d13d1f165a63dbba563df Mon Sep 17 00:00:00 2001
From: Artur Beljajev <artur.beljajev@internet.ee>
Date: Wed, 27 Sep 2017 01:58:43 +0300
Subject: [PATCH] Enable configuring user session timeout

---
 config/application-example.yml | 2 ++
 config/initializers/devise.rb  | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/application-example.yml b/config/application-example.yml
index 69ade1976..f54557828 100644
--- a/config/application-example.yml
+++ b/config/application-example.yml
@@ -127,3 +127,5 @@ payments_lhv_url: 'https://www.seb.ee/cgi-bin/dv.sh/ipank.r'
 payments_lhv_bank_certificate: 'eyp_pub.pem'
 payments_lhv_seller_private: 'kaupmees_priv.pem'
 payments_lhv_seller_account: 'testvpos'
+
+user_session_timeout: '3600' # 1 hour
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 899dfefb1..7862dccc2 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -155,7 +155,7 @@ Devise.setup do |config|
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  config.timeout_in = (Rails.env.development? || Rails.env.staging?) ? 5.years : 8.hours
+  config.timeout_in = ENV['user_session_timeout']
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false