Merge pull request #47 from jlcapps/issue_46_remove_protect_from_forg…

…ery_call

Remove protect_from_forgery call

lib/auto_session_timeout.rb

@@ -1,12 +1,11 @@
 module AutoSessionTimeout
-  
+
   def self.included(controller)
     controller.extend ClassMethods
   end
-  
+
   module ClassMethods
     def auto_session_timeout(seconds=nil)
-      protect_from_forgery except: [:active, :timeout]
       prepend_before_action do |c|
         if session_expired?(c) && !signing_in?(c)
           handle_session_reset(c)
@@ -18,18 +17,18 @@ def auto_session_timeout(seconds=nil)
         end
       end
     end
-    
+
     def auto_session_timeout_actions
       define_method(:active) { render_session_status }
       define_method(:timeout) { render_session_timeout }
     end
   end
-  
+
   def render_session_status
     response.headers["Etag"] = nil  # clear etags to prevent caching
     render plain: !!current_user, status: 200
   end
-  
+
   def render_session_timeout
     flash[:notice] = t("devise.failure.timeout", default: "Your session has timed out.")
     redirect_to sign_in_path
@@ -54,7 +53,7 @@ def sign_in_path
   rescue
     "/login"
   end
-  
+
 end
 
 ActionController::Base.send :include, AutoSessionTimeout