---
title: Enforce Token Expiration
impact: MEDIUM
impactDescription: limits the lifespan of stolen tokens or temporary credentials
tags: security, session, token, timeout
---

## Enforce Token Expiration

All authorization codes, access tokens, and temporary credentials (password-reset tokens included) should have a strict, short expiration time, and the expiry must be checked server-side on every use rather than assumed from the token's mere existence.

**Incorrect (no expiry):**

```ruby
class ResetToken < ApplicationRecord
  # Token never expires
end
```

**Correct (expiration check):**

```ruby
class ResetToken < ApplicationRecord
  # Named `unexpired?` rather than `valid?`: ActiveRecord models already
  # define `valid?` for validations, and overriding it would silently
  # disable them.
  def unexpired?
    created_at > 2.hours.ago
  end
end
```
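The following is an added example, not code from the original card: a dependency-free Ruby token store that carries the same two-hour expiry check through to the other controls a reviewer would expect around it (single use, only a hash stored server-side, constant-time comparison). `ResetTokenStore`, `TOKEN_TTL` and the injected `clock` are hypothetical names chosen for this illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory store for password-reset tokens (added example).
class ResetTokenStore
  TOKEN_TTL = 2 * 60 * 60 # seconds; mirrors the card's 2.hours.ago check

  Record = Struct.new(:digest, :created_at, :used)

  # The clock is injectable so expiry can be exercised deterministically.
  def initialize(clock: -> { Time.now })
    @clock = clock
    @records = {}
  end

  # Issue a fresh random token; only its SHA-256 digest is retained, so a
  # leaked table does not hand out usable tokens.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @records[user_id] = Record.new(digest_of(token), @clock.call, false)
    token
  end

  # True only if the token matches, is within TOKEN_TTL, and is unused.
  # A successful redeem marks the token used so it cannot be replayed.
  def redeem(user_id, token)
    rec = @records[user_id]
    return false if rec.nil? || rec.used || expired?(rec)
    return false unless secure_equal?(rec.digest, digest_of(token))
    rec.used = true
    true
  end

  def expired?(rec)
    @clock.call - rec.created_at >= TOKEN_TTL
  end

  private

  def digest_of(token)
    Digest::SHA256.digest(token)
  end

  # Constant-time comparison: the loop touches every byte regardless of
  # where the first mismatch occurs.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because expiry is evaluated on each `redeem` call against the server clock, a token captured from a user's inbox stops working once the window closes even if it was never used.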

**Tools:** Manual Review
---
