How to cancel a specific session when logging out in Rails / w?

I want to cancel a session when a user logs out using Devise. For more protection against session hijacking, I have a callback to catch when a user logs out.

    class ApplicationController < ActionController::Base
      def sign_out(*args)
        super(*args)
        reset_session
      end
    end

I realized that this would delete the session information stored on the server side, which makes it invalid.

However, I can still log in using the session ID I received before logging out. I don't understand how this works. I just want to invalidate only this session, not all of them.

I use the default value for session_store.

+6
1 answer

After some searching and reflection, I came to this question, which could be changed according to my needs.

All I did was

application_controller.rb

    def sign_out(*args)
      # Clear the stored sign-in token before Devise signs the user out
      current_user.update_attribute(:current_sign_in_token, "")
      super
    end

which will invalidate sign_in_token, thereby terminating the session, so capturing the session identifier will still be out of the game.

+5
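
A simplified model of the behaviour discussed in this thread, added here as an example and not code from the question, the answer, or Devise: with a client-side cookie store (the Rails default), a copy of the cookie taken before logout still passes signature verification, while comparing it against a token stored on the user record rejects it. `SECRET`, `USERS`, and every function name other than `sign_out` are constructed for the illustration, and the HMAC-signed cookie is a stand-in for the real cookie store.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"

SECRET = "constructed-demo-secret"               # stand-in for secret_key_base
USERS  = { 1 => { current_sign_in_token: nil } } # constructed user table

# Cookie-store style session: all state lives in a signed client-side value.
def encode_session(data)
  payload = Base64.strict_encode64(JSON.generate(data))
  "#{payload}--#{OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)}"
end

def decode_session(cookie)
  payload, sig = cookie.to_s.split("--", 2)
  return nil unless payload && sig
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
  return nil unless OpenSSL.secure_compare(expected, sig)
  JSON.parse(Base64.strict_decode64(payload))
end

def sign_in(user_id)
  token = SecureRandom.hex(16)
  USERS[user_id][:current_sign_in_token] = token
  encode_session("user_id" => user_id, "token" => token)
end

# Logout as in the answer above: blank the token kept on the server.
def sign_out(user_id)
  USERS[user_id][:current_sign_in_token] = ""
end

# Signature plus comparison with the token stored for that user.
def authenticated?(cookie)
  data = decode_session(cookie)
  return false unless data
  stored = USERS.dig(data["user_id"], :current_sign_in_token).to_s
  !stored.empty? && OpenSSL.secure_compare(stored, data["token"].to_s)
end

def demo
  captured = sign_in(1)                 # copy of the cookie made before logout
  before = authenticated?(captured)
  sign_out(1)                           # the browser's cookie is reset, the copy is not
  { before: before, signature_after: !decode_session(captured).nil?,
    token_after: authenticated?(captured) }
end
```

With a single token column per user, a new sign-in or a logout rejects every older cookie for that user; keeping other sessions alive would need one stored token per session instead.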

Source: https://habr.com/ru/post/949955/

