I am using 'devise' for password authentication in my Ruby on Rails app. Once I successfully log in and I close my browser and open a new browser window, I am still logged in. Let's say I am using Chrome: I close all instances of Chrome and then open a new one. I am still logged in. The same is the case when I am using IE and Firefox too.
I would assume that closing the window and opening a new window should establish a new session between the server and the browser, shouldn't it? If not, how do I achieve that?
I tried clicking the logout button in the browser window's onbeforeunload event, but it does not work, as it logs out of the application on any form submit or link click.

    window.onbeforeunload = function() {
      $('#logout_cls').click();
    };

I also tried sending an AJAX request to the sessions controller destroy action to clear the session.

    jQuery(window).bind(
      "close",
      function(event) {
        $.ajax({
          type: 'DELETE',
          dataType: 'json',
          url: $('#logout_cls').attr('href')
        });
      });

But all this did not work.
Turns out that the problem was how my session_store was configured.

    MyApp::Application.config.session_store :active_record_store,
      {:key => '_my_app_session', :secret => '5xb5x1g92e965b95b16e49x79gxx9999', :expire_after => 2.hours}

I removed the options and the issue was solved.
I have another question though: does removing the options have any potential risks? I am not storing any important data in the session, obviously, but I am putting in data I wouldn't want exposed.
My app will be going live in a few days, so it would be very helpful to get an answer for this. I googled things for an hour or so but didn't have too much luck.
Thanks
That is actually a feature. Facebook and pretty much all sites with authentication do it through the use of cookies.
Devise's option Rememberable "manages generating and clearing a token for remembering the user from a saved cookie". If you don't want that, then remove the remember_token string and remember_created_at datetime from your user model and remove the Remember Me button from your login page.
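
An added example, not code from either poster: both answers above come down to whether a cookie carries an expiry, since `expire_after` in `session_store` and Devise's Rememberable each produce a cookie with an `expires` date that survives a browser restart. The Ruby check below classifies `Set-Cookie` headers as session or persistent; the header strings are constructed samples, and `remember_user_token` assumes a Devise scope named `user`.

```ruby
require 'time'

# Split one Set-Cookie header value into the cookie name and its attributes
# (attribute names are case-insensitive, so they are lower-cased).
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip)
  name = pair.split('=', 2).first
  attributes = attrs.to_h do |attr|
    key, val = attr.split('=', 2)
    [key.downcase, val]
  end
  { name: name, attributes: attributes }
end

# Seconds the browser keeps the cookie, or nil for a session cookie that is
# dropped when the browser exits. Max-Age wins over Expires (RFC 6265).
def cookie_ttl(header, now)
  attrs = parse_set_cookie(header)[:attributes]
  return Integer(attrs['max-age']) if attrs['max-age']
  return (Time.httpdate(attrs['expires']) - now).to_i if attrs['expires']
  nil
end

# Names of cookies that would still be sent after a browser restart.
def persistent_cookies(headers, now)
  headers.select { |h| (ttl = cookie_ttl(h, now)) && ttl > 0 }
         .map { |h| parse_set_cookie(h)[:name] }
end

# Constructed sample headers (not captured from a real app).
NOW = Time.utc(2025, 1, 1, 12, 0, 0)
WITH_EXPIRE_AFTER = '_my_app_session=abc123; path=/; expires=Wed, 01 Jan 2025 14:00:00 GMT; HttpOnly'
WITHOUT_OPTIONS   = '_my_app_session=abc123; path=/; HttpOnly'
REMEMBER_ME       = 'remember_user_token=xyz789; path=/; expires=Wed, 15 Jan 2025 12:00:00 GMT; HttpOnly'

if __FILE__ == $PROGRAM_NAME
  [WITH_EXPIRE_AFTER, WITHOUT_OPTIONS, REMEMBER_ME].each do |h|
    ttl = cookie_ttl(h, NOW)
    puts "#{parse_set_cookie(h)[:name]}: #{ttl ? "persistent, #{ttl}s" : 'session cookie'}"
  end
end
```

Run against the response headers of a real login, a `nil` TTL for the session cookie confirms it ends with the browser; server-side session expiry has to be enforced separately.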