Stop Devise from clearing session
The destroy
¹ method of SessionsController
contains the following line:
signed_out = Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
The sign_out_all_scopes
² method calls warden.logout
without any arguments, and the sign_out
³ method calls warden.logout(scope)
.
The documentation of the logout
⁴ method states:
# Logout everyone and clear the session
env['warden'].logout
# Logout the default user but leave the rest of the session alone
env['warden'].logout(:default)
Conclusion: sign_out
should preserve the session when given a specific scope. However, I don't see any way to do that. sign_out_all_scopes
is always called first, and will only return false
if it couldn't log any user out.
I recommend either posting a feature request on their issue tracker or developing your own authentication solution. Rails now provides has_secure_password
, and these days people seem to be going for the latter in order to avoid running into these problems.
¹ Devise::SessionsController#destroy
² Devise::Controllers::Helpers#sign_out_all_scopes
³ Devise::Controllers::Helpers#sign_out
⁴ Warden::Proxy#logout
How to devise destroy session and sign out from controller?
So I ended up solving this by creating a custom signout route
devise_scope :user do
get '/signout', to: 'devise/sessions#destroy', as: :signout
end
and in my controller I have:
if something_is_not_kosher
redirect_to signout_path and return
end
Stop devise from automatically creating a session after a successful registration
Simple solution: DON'T include the :registerable module in the model. I have it in for Admin, out for Tester.
How do I avoid a redirect when the user signs out in Devise?
You can change the behaviour by overriding Devise::SessionsController and the #destroy
method:
class MySessionsController < Devise::SessionsController
def destroy
signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
# the `now: true` option sets the flash for this request
set_flash_message! :notice, :signed_out, now: true if signed_out
respond_to do |format|
format.all { head :no_content }
format.any(*navigational_formats) { render 'something' }
end
end
end
You also need to tell the router to route to your custom controller:
# config/routes.rb
devise_for :users, controllers: { sessions: "my_sessions" }
Devise destroy session doesn't destroy the session?
This is how i have implemented this so known to work:
devise_scope :user do
match "sign_out", :to => "sessions#destroy", via: [:delete]
end
<%= link_to sign_out_path, :method => "DELETE" do %>
<% end%>
Rails Disable devise flash messages
Probably the easiest way to do this is to
- Define each message as a blank string
- Check the length of the string before you show a flash message.
In your devise.en.yml
file, specify each message as empty:
en:
errors:
messages:
not_found: ''
already_confirmed: ''
not_locked: ''
etc. Next, in your layout, check for blank flash strings before you output them.
<% flash.each do |key, value| %>
<%= content_tag :div, value, :class => "flash #{key}" unless value.blank? %>
<% end %>
Related Topics
How to Create a Sha1 Hash in Ruby
How to Run Rake Tasks Within a Ruby Script
Parallel Assignment Operator in Ruby
Total Newbie: Instance Variables in Ruby
Google Plus API Shutdown Today, Which Alternative Can Be Used to Authentication
Is This the Best Way to Unescape Unicode Escape Sequences in Ruby
Ruby: How to Install a Specific Version of a Ruby Gem
What Are Some Good Ruby-Based Web Crawlers
How to Get Rid of Non-Ascii Characters in Ruby
Using Layouts in Haml Files Independently of Rails
Long Running Delayed_Job Jobs Stay Locked After a Restart on Heroku
Rails: Skinny Controller Vs. Fat Model, or Should I Make My Controller Anorexic
Ruby on Rails Callback, What Is Difference Between :Before_Save and :Before_Create
Are Crlf Lines Ok in a Rails Project Deployed on Linux
Passing Multiple Code Blocks as Arguments in Ruby
What Will Give Me Something Like Ruby Readline with a Default Value