sorcery icon indicating copy to clipboard operation
sorcery copied to clipboard

Published 20 hours ago verified publisher icon NoamB

Sorcery with devise

Open Paxa opened this issue 9 years ago • 7 comments

I find some problem when using sorcery and devise together. If I login with devise after login and logout with sorcery then device’s session will be destroyed

I'm using rails 4.1.5, sorcery 0.8.6, devise 3.4.1, activerecord-session_store 0.1.0

It caused by this code:

https://github.com/NoamB/sorcery/blob/master/lib/sorcery/controller.rb#L55

def logout
  if logged_in?
    @current_user = current_user if @current_user.nil?
    before_logout!(@current_user)
    reset_sorcery_session
    after_logout!
    @current_user = nil
  end
end

def reset_sorcery_session
  reset_session # protect from session fixation attacks
rescue NoMethodError
end

When we call logout - then all session data will be removed.

In my case I fix so:

def reset_sorcery_session
  session.delete(:user_id)
  session.delete(:return_to_url)
  session.delete(:last_action_time)
  session.delete(:login_time)
end

Paxa avatar Feb 09 '15 12:02 Paxa

Hi @Paxa,

thanks for report, I'm aware of issues with resetting session, it's on my list of things to review and fix. I was thinking about adding prefix to attributes that Sorcery sets in session, I just need to figure out how to do it so that developers can update their apps without logging out all the users.

arnvald avatar Feb 13 '15 15:02 arnvald

Would this change allow me to run multiple Sorcery sessions on one OS image?

TechRsch avatar Feb 28 '15 14:02 TechRsch

@TechRsch I don't think so, this will just keep non-sorcery keys in session left untouched after user logs out. Still if user logs out, remember_me_token and remember_me_expires_at attributes will be set to nil. These are 2 separate issues on which I'm working, and which both I hope to resolve within the next few weeks.

arnvald avatar Mar 01 '15 05:03 arnvald

Hi @arnvald, did you ever get anywhere with this one? :)

brendon avatar Jan 25 '18 03:01 brendon

@brendon come join us on the new repo over at the new repo https://github.com/Sorcery/sorcery.

Unfortunately using Sorcery with Devise isn't a supported use case at the moment.

Ch4s3 avatar Jan 26 '18 15:01 Ch4s3

Thanks @Ch4s3, I didn't realised it had moved :) I use Sorcery in my main app but active_admin uses devise. So far this is the only conflict I've found :)

brendon avatar Jan 26 '18 20:01 brendon

@brendon ahh good old active admin. If you file an issue over at the new repo, we'll take a look. A demo app might be helpful.

Ch4s3 avatar Jan 30 '18 16:01 Ch4s3