DEV: correct implementation of expiry api

DEV: correct implementation of expiry api

Previously we were always hard-coding expiry, this allows the secure session to correctly handle custom expiry times

Also adds a ttl method for looking up time to live

diff --git a/lib/secure_session.rb b/lib/secure_session.rb
index 6b8efe57c1..667034361e 100644
--- a/lib/secure_session.rb
+++ b/lib/secure_session.rb
@@ -16,10 +16,14 @@ class SecureSession
 
   def set(key, val, expires: nil)
     expires ||= SecureSession.expiry
-    $redis.setex(prefixed_key(key), SecureSession.expiry.to_i, val.to_s)
+    $redis.setex(prefixed_key(key), expires.to_i, val.to_s)
     true
   end
 
+  def ttl(key)
+    $redis.ttl(prefixed_key(key))
+  end
+
   def [](key)
     $redis.get(prefixed_key(key))
   end
diff --git a/spec/components/secure_session_spec.rb b/spec/components/secure_session_spec.rb
index 1e2aad5060..59910ff5a0 100644
--- a/spec/components/secure_session_spec.rb
+++ b/spec/components/secure_session_spec.rb
@@ -14,4 +14,16 @@ describe SecureSession do
     s["hello"] = nil
     expect(s["hello"]).to eq(nil)
   end
+
+  it "can override expiry" do
+    s = SecureSession.new("abc")
+    key = SecureRandom.hex
+
+    s.set(key, "test2", expires: 5.minutes)
+    expect(s.ttl(key)).to be_within(1.second).of (5.minutes)
+
+    key = SecureRandom.hex
+    s.set(key, "test2")
+    expect(s.ttl(key)).to be_within(1.second).of (SecureSession.expiry)
+  end
 end

GitHub sha: 91daafc6

1 Like

This commit has been mentioned on Discourse Meta. There might be relevant details there: