From 1e3224aeea7e5c2a9071a0f4a4c260004f1c5ecc Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Mon, 18 May 2026 03:39:08 +0000
Subject: [PATCH] Extend session to 90 days and make it persistent

- Modified config/initializers/session_store.rb to add 'expire_after: 90.days',
  ensuring the session cookie persists after the browser/tab is closed.
- Updated config/initializers/devise.rb to set 'config.timeout_in' and
  'config.remember_for' to 90 days to align with the new session policy.

Co-authored-by: CloCkWeRX <365751+CloCkWeRX@users.noreply.github.com>
---
 config/initializers/devise.rb        | 4 ++--
 config/initializers/session_store.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 18c21d5f9f..9f34429734 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -107,7 +107,7 @@
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
+  config.remember_for = 90.days
 
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
@@ -128,7 +128,7 @@
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  config.timeout_in = 30.days
+  config.timeout_in = 90.days
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 26a833e0b7..443ca405f7 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,7 +2,7 @@
 
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_growstuff_session'
+Rails.application.config.session_store :cookie_store, key: '_growstuff_session', expire_after: 90.days
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information