From d0051708c6cfe43fc494571d28174503efbbd02e Mon Sep 17 00:00:00 2001 From: Masataka Pocke Kuwabara Date: Sat, 1 May 2021 18:32:29 +0900 Subject: [PATCH] Simplify `Session.sweep` method example in security doc [ci skip] --- guides/source/security.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/guides/source/security.md b/guides/source/security.md index 68d749fe48..0a7f551833 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -211,15 +211,11 @@ Another countermeasure is to _save user-specific properties in the session_, ver NOTE: _Sessions that never expire extend the time-frame for attacks such as cross-site request forgery (CSRF), session hijacking, and session fixation._ -One possibility is to set the expiry time-stamp of the cookie with the session ID. However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer. Here is an example of how to _expire sessions in a database table_. Call `Session.sweep("20 minutes")` to expire sessions that were used longer than 20 minutes ago. +One possibility is to set the expiry time-stamp of the cookie with the session ID. However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer. Here is an example of how to _expire sessions in a database table_. Call `Session.sweep(20.minutes)` to expire sessions that were used longer than 20 minutes ago. ```ruby class Session < ApplicationRecord def self.sweep(time = 1.hour) - if time.is_a?(String) - time = time.split.inject { |count, unit| count.to_i.send(unit) } - end - where("updated_at < ?", time.ago.to_s(:db)).delete_all end end
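Review bot: Dropping the `is_a?(String)` branch in `Session.sweep` is the right call and the doc hunk matches it, but the remaining method still silently accepts any argument that responds to `ago`, so consider documenting or enforcing the expected type, e.g. `raise ArgumentError, "expected a duration" unless time.respond_to?(:ago)` at the top of the method. The removed `count.to_i.send(unit)` line dispatched a method named by whatever string was passed in, which is exactly the kind of construct a security guide should not model; the new `Session.sweep(20.minutes)` call in the prose hands an `ActiveSupport::Duration` straight to `time.ago`, which is both simpler and avoids that `send` on untrusted input. The `where("updated_at < ?", time.ago.to_s(:db)).delete_all` line is unchanged and keeps the bound-parameter form, which is fine.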