Sorcery with devise
I found a problem when using sorcery and devise together. If I log in with devise, then after login and logout with sorcery, devise's session will be destroyed.
I'm using rails 4.1.5, sorcery 0.8.6, devise 3.4.1, activerecord-session_store 0.1.0
It is caused by this code:
https://github.com/NoamB/sorcery/blob/master/lib/sorcery/controller.rb#L55
```ruby
def logout
  if logged_in?
    @current_user = current_user if @current_user.nil?
    before_logout!(@current_user)
    reset_sorcery_session
    after_logout!
    @current_user = nil
  end
end

def reset_sorcery_session
  reset_session # protect from session fixation attacks
rescue NoMethodError
end
```
When we call logout, all session data will be removed.
In my case I fixed it like so:
```ruby
def reset_sorcery_session
  session.delete(:user_id)
  session.delete(:return_to_url)
  session.delete(:last_action_time)
  session.delete(:login_time)
end
```
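An added example, not part of the original thread or of Sorcery's code: it compares the full reset, the key-deletion workaround above, and an assumed third option that rotates the session id while keeping non-Sorcery keys. `FakeSession`, the three `logout_*` helpers, and the sample Warden key value are hypothetical stand-ins for a Rails session.

```ruby
require "securerandom"

# Hypothetical stand-in for a Rails session: key/value data plus a session id.
class FakeSession
  attr_reader :id, :data

  def initialize(data = {})
    @id = SecureRandom.hex(16)
    @data = data.dup
  end

  # Mirrors the effect of reset_session: drop all data and issue a new id.
  def reset!
    @id = SecureRandom.hex(16)
    @data = {}
  end
end

# The keys the workaround in this thread deletes (as strings here).
SORCERY_KEYS = %w[user_id return_to_url last_action_time login_time].freeze

# Current behaviour: every key goes, including other libraries' keys.
def logout_full_reset(session)
  session.reset!
  session
end

# The workaround: only Sorcery's keys go, but the session id is not rotated.
def logout_delete_keys(session)
  SORCERY_KEYS.each { |key| session.data.delete(key) }
  session
end

# Assumed alternative: rotate the id, then restore the non-Sorcery keys.
def logout_rotate_and_keep(session)
  kept = session.data.reject { |key, _| SORCERY_KEYS.include?(key) }
  session.reset!
  session.data.merge!(kept)
  session
end

# Constructed sample: one Sorcery login plus a Warden (Devise) entry.
def sample_session
  FakeSession.new(
    "user_id" => 7, "login_time" => 1_700_000_000,
    "warden.user.admin_user.key" => [[1], "constructed-salt"]
  )
end
```

The second helper keeps the Devise entry but leaves the pre-logout session id valid, which is the session fixation protection the comment on `reset_session` refers to.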
Hi @Paxa,
thanks for the report, I'm aware of issues with resetting session, it's on my list of things to review and fix. I was thinking about adding prefix to attributes that Sorcery sets in session, I just need to figure out how to do it so that developers can update their apps without logging out all the users.
Would this change allow me to run multiple Sorcery sessions on one OS image?
@TechRsch I don't think so, this will just keep non-sorcery keys in session left untouched after user logs out. Still if user logs out, `remember_me_token` and `remember_me_expires_at` attributes will be set to `nil`. These are 2 separate issues on which I'm working, and which both I hope to resolve within the next few weeks.
Hi @arnvald, did you ever get anywhere with this one? :)
@brendon come join us over at the new repo https://github.com/Sorcery/sorcery.
Unfortunately using Sorcery with Devise isn't a supported use case at the moment.
Thanks @Ch4s3, I didn't realise it had moved :) I use Sorcery in my main app but active_admin uses devise. So far this is the only conflict I've found :)
@brendon ahh good old active admin. If you file an issue over at the new repo, we'll take a look. A demo app might be helpful.