Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Stop Devise from clearing session

Tags:

ruby

ruby-on-rails

ruby-on-rails-3

devise

It seems when a user logs out via standard Devise controllers, Devise destroys the entire session store, not just its own data. Is there any way to avoid this behavior? I have other irrelevant data that should be kept around.

session[:my_var] = "123"

Log out via devise...

puts session[:my_var]
# => nil
like image 276
bloudermilk Avatar asked Apr 14 '12 10:04

bloudermilk

3 Answers

In the lasts versions of devise it is not necesary to override the sessions controller, instead you can just use:

config.sign_out_all_scopes = false

In the devise.rb file to get the desired behaviour.

like image 175
NanoOnTilt Avatar answered Sep 18 '22 15:09

NanoOnTilt

The destroy¹ method of SessionsController contains the following line:

signed_out = Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)

The sign_out_all_scopes² method calls warden.logout without any arguments, and the sign_out³ method calls warden.logout(scope).

The documentation of the logout⁴ method states:

# Logout everyone and clear the session
env['warden'].logout

# Logout the default user but leave the rest of the session alone
env['warden'].logout(:default)

Conclusion: sign_out should preserve the session when given a specific scope. However, I don't see any way to do that. sign_out_all_scopes is always called first, and will only return false if it couldn't log any user out.

I recommend either posting a feature request on their issue tracker or developing your own authentication solution. Rails now provides has_secure_password, and these days people seem to be going for the latter in order to avoid running into these problems.

¹ Devise::SessionsController#destroy

² Devise::Controllers::Helpers#sign_out_all_scopes

³ Devise::Controllers::Helpers#sign_out

Warden::Proxy#logout

like image 24
Matheus Moreira Avatar answered Sep 17 '22 15:09

Matheus Moreira

You could just override Devise's SessionController, like I did to preserve a shopping cart:

sessions_controller.rb

class SessionsController < Devise::SessionsController

    def destroy
        order_id = session[:order_id] 
        super  
        session[:order_id] = order_id
    end

end

routes.rb

devise_for :users, :controllers => { :sessions => "sessions" }
like image 45
manafire Avatar answered Sep 19 '22 15:09

manafire
Sign in to Comment

Related questions

Ruby on Rails escape_javascript usage with jQuery
Twitter API via OmniAuth on Rails 3, Net::HTTPUnauthorized hell
How to display image which is stored on s3 without storing on harddisk?
MySQL syntax in Rails 3, NOT Case sensitive searching, not working on Heroku?
Threading in rails console with active record doesn't find Model in the database
cucumber capybara how does it work
can't figure out how to do i18n on Devise
The scope of custom helper
Job queue alternatives to workling for use with rails 3?
How to display a form for a subset of associated records, some of which don't exist yet?
Error setting up Ruby on Rails
How to turn oauth_token & oauth_verifier into Access Token with OAuth gem
Restarting Rails Server
Select * sql query vs Select specific columns sql query [duplicate]
Ruby Mechanize table scraping doesn't capture entire row
Change recorded variables created_at property
Capistrano deploy but manually run migrations
Use DataMapper instead of ActiveRecord [closed]
rails - collection_select selected value if defined?
Rails 4: How to use includes() with where() to retrieve associated objects

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!