app/models/tokens/session_uid.rb in authpwn_rails-0.13.2 vs app/models/tokens/session_uid.rb in authpwn_rails-0.13.3
- old
+ new
@@ -12,12 +12,12 @@
validates :browser_ua, :presence => true
# The IP of the computer that received this suid.
validates :browser_ip, :presence => true
- # Decent compromise between convenience and security.
- self.expires_after = 14.days
+ # Browser users are logged out if they don't hit the app in this much time.
+ self.expires_after = Authpwn::Engine.config.authpwn.session_expiration
# Creates a new session UID token for a user.
#
# @param [User] user the user authenticated using this session
# @param [String] browser_ip the IP of the session
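Review bot: The new `self.expires_after = Authpwn::Engine.config.authpwn.session_expiration` line reads the setting once, while the class body is evaluated, and nothing visible in this hunk checks the value. If the setting is nil or not yet assigned when the model loads, `expires_after` ends up nil; the expiry check lives outside this hunk, so depending on how it treats nil, sessions might never expire. The same load-time capture applies to `updates_after` in the next hunk. Consider a guard right after the assignment, such as `raise ArgumentError, 'session_expiration must be a positive duration' unless expires_after.to_i > 0`, and extend the comment to say the value is fixed at load time. The class body begins and ends outside the hunk.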
@@ -32,10 +32,10 @@
# Refresh precision for the updated_at timestamp, in seconds.
#
# When a session UID is used to authenticate a user, its updated_at time is
# refreshed if it differs from the current time by this much.
class_attribute :updates_after, :instance_writer => false
- self.updates_after = 1.hour
+ self.updates_after = Authpwn::Engine.config.authpwn.session_precision
# Updates the time associated with the session.
def spend
self.touch if Time.now - updated_at >= updates_after
end
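Review bot: In `spend`, the check `Time.now - updated_at >= updates_after` now depends on a configurable `session_precision`, and nothing here ties it to `session_expiration`. Because `updated_at` is refreshed only once the precision interval has passed, the idle timeout is accurate only to that many seconds. A precision set close to or above the expiration would presumably log out users who are still active, and a nil value would make the comparison raise. I would state the constraint on the attribute, for example `# Must be much smaller than expires_after; the idle timeout is only accurate to this many seconds.`, and ideally verify it where the engine config is read. The enclosing class starts outside the hunk.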