Fixed session length: log out user after N hours, even with activity #5753

@zedtux

This gem is able to log out a user after a period of inactivity that is configured with the config.timeout_in parameter.

In some applications it is required to log out a user after a fixed length of time, for security reasons, no matter whether the user is active or not, which is not supported by this gem as far as I can see.

The Timeoutable class could be extended with a new optional parameter (similar to the timeout_in one) or by changing the behavior of the timeout_in parameter:

  • when it is an Integer or a String, it keeps the current behavior
  • when it is a Hash:
    • the inactivity key configures the inactivity timeout
    • the max key (or max_duration if better?) configures the new feature, logging out the user when the session length is greater

Not sure about the name, I'm not good at naming things, sorry.

Of course, like timeout_in works today, when this new parameter or the max key is not set or is nil, the feature is disabled.

A new warden session column would save the login time, which would be used to measure the current session length and log out the user when their session length is greater than the given one.

In my eyes that looks quite easy to test, and to implement, since it is quite similar to the existing timeout feature.
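
The configuration shape and check proposed in this issue, sketched as an added example that is not part of the original issue and is not Devise code. The module name, the `signed_in_at` and `last_request_at` session keys, and the fail-closed handling of sessions that have no recorded login time are assumptions.

```ruby
# Added illustration; not Devise code. All names here are hypothetical.
module SessionTimeouts
  # Both fields are seconds, or nil when that check is disabled.
  Policy = Struct.new(:inactivity, :max_duration)

  # Normalises the proposed timeout_in setting.
  # Integer/String: inactivity timeout only (the current behaviour).
  # Hash: :inactivity and :max keys; a nil or missing key disables that check.
  def self.parse(timeout_in)
    case timeout_in
    when nil then Policy.new(nil, nil)
    when Integer, String then Policy.new(to_seconds(timeout_in), nil)
    when Hash
      opts = timeout_in.transform_keys(&:to_sym)
      unknown = opts.keys - %i[inactivity max]
      raise ArgumentError, "unknown keys: #{unknown.inspect}" unless unknown.empty?
      Policy.new(to_seconds(opts[:inactivity]), to_seconds(opts[:max]))
    else
      raise ArgumentError, "unsupported timeout_in: #{timeout_in.inspect}"
    end
  end

  def self.to_seconds(value)
    return nil if value.nil?
    seconds = Integer(value) # raises on non-numeric strings
    raise ArgumentError, "timeout must be positive" unless seconds.positive?
    seconds
  end

  # session: Hash with "signed_in_at" and "last_request_at" as epoch seconds.
  # Returns :max_duration, :inactivity, or nil when the session is still valid.
  def self.expired_reason(policy, session, now)
    signed_in = session["signed_in_at"]
    last_seen = session["last_request_at"]
    if policy.max_duration
      # Assumption: a session without a login time (for example one created
      # before the feature was enabled) is expired rather than left unbounded.
      return :max_duration if signed_in.nil? || now - signed_in > policy.max_duration
    end
    if policy.inactivity && last_seen
      return :inactivity if now - last_seen > policy.inactivity
    end
    nil
  end
end
```

The login time has to be written once at sign-in and never refreshed on later requests, otherwise the fixed limit degrades into a second inactivity timer.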
