activerecord-session_store icon indicating copy to clipboard operation
activerecord-session_store copied to clipboard

Published 20 hours ago verified publisher icon rails

Session isn't reset after logging out

Open jamesfzhang opened this issue 8 years ago • 2 comments

In my app, the user can login via oauth (using omniauth). They log out by calling Devise::SessionsController#destroy. When this happens, current_user is nil, and the session object is reset. All good, seemingly.

However, when the user tries to login via oauth again, and the omniauth callback gets called, current_user is already present! In the callback, session.to_json returns a valid session with the user that was previously logged in. This makes me think that the session isn't resetting properly during logout. I've spent a fair amount of time trying to debug this line by line but haven't gotten anywhere. Has anyone else experienced this problem?

I read over this issue but that was for cookie-store only.

jamesfzhang avatar Jun 03 '16 18:06 jamesfzhang

This makes me think that the session isn't resetting properly during logout.

is the record still in the table or not after the log-out ?

jasonfb avatar Nov 03 '19 12:11 jasonfb

I have the same issue, I delete all sessions in the database, but our devise user still stays logged in and the session gets recreated? wtf

h0jeZvgoxFepBQ2C avatar Oct 17 '22 12:10 h0jeZvgoxFepBQ2C