# Common settings of the global session (that apply to all Rails environments)
# are listed here. These may be overidden in the environment-specific section.
common:
  attributes:
    # Signed attributes of the global session
    signed:
    - user
    # Untrusted attributes of the global session
    insecure:
    - account
  #If the session cookie is ephemeral, it goes away when the user closes the browser.
  #Otherwise it stays around
  ephemeral: false
  
# Test/spec runs
test:
  timeout: 15 #minutes
  renew: 5 #minutes before expiration
  cookie:
    name: global_session
  #the name of the local authority (optional)
  authority: test
  #which authorities this app will trust
  trust:
  - test

# Development mode
development:
  timeout: 60
  renew: 15
  cookie:
    name: global_session
  authority: development
  trust:
  - development
  - production

# Production mode
production:
  timeout: 60
  renew: 15
  cookie:
    name: global_session
    domain: <%= app_domain %>
  authority: production
  trust:
  - production