rocket_auth
rocket_auth copied to clipboard
Session is not invalidated after time expires using login_for
login_for
method takes a Duration parameter, for how long the user should be logged in, after whose expiration I'm expecting the user to not be authorized anymore.
I'm trying this with one minute.
auth.login_for(&form, std::time::Duration::from_secs(60))
.await?;
In session/default/mod.rs
this sets the auth key for that amout of time, but it seems it doesn't have effect...
#[throws(Error)]
fn insert_for(&self, id: i32, key: String, time: Duration) {
let key = AuthKey {
expires: time.as_secs() as i64,
secret: key,
};
self.insert(id, key);
}
User session keeps letting me make requests even after 1 minute has passed.
Shouldn't rocket_auth automatically invalidate the session after expiration?