How can I get authlogic to use the Rails session instead of its own cookie?

Question

I would like authogic to never set a user_credentials cookie, and only use the standard Rails session cookie.

I see Session is included in Authlogic::Session::Session::Base after Cookies. If I log into my app and then delete the user_credentials cookie, I still stay logged in. So apparently authlogic is storing the credentials in both places and checking both places? Or ignoring the cookie but still setting it? How can I have it never set or reference the user_credentials cookie?

Answer 1

According to the answer to my question here…

How can I remove callbacks inserted by vendor code?

…the answer to THIS question is to do this above my UserSession definition:

Authlogic::Session::Base.after_save.delete_if{ |callback| callback.method == :save_cookie }
class UserSession < Authlogic::Session::Base
end

Answer 2

If you use vendored authlogic then you can prevent to user_credentials cookie by using and change some code on save_cookie method on "authlogic-2.1.5/lib/authlogic/session/cookies.rb"