[英]After upgrading to Rails 3.2.2 and Devise 2.0.4, logout does not destroy session
After upgrading my rails project to rails 3.2.2 and Devise 2.0.4, I am no longer able to logout. 将Rails项目升级到Rails 3.2.2和Devise 2.0.4后,我不再能够注销。 I am not experiencing this issue ;
我没有遇到这个问题 ; instead, clicking logout does not properly leave me in a logged-out state, the user object is still valid and there is still a current_user.
相反,单击注销并不能使我正确地处于注销状态,该用户对象仍然有效,并且仍然有current_user。 Here is what is in my logs:
这是我的日志中的内容:
Started DELETE "/users/sign_out" for 127.0.0.1 at 2012-03-16 20:54:56 -0400
Processing by Devise::SessionsController#destroy as */*
Redirected to http://localhost:3000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
So, it's being routed correctly. 因此,它的路由正确。 I attempted to reinstall devise with no luck.
我尝试重新安装装置,但没有运气。
In my attempts to debug, I inserted the line: 在尝试调试时,我插入了以下行:
= session.inspect
Into my template. 进入我的模板。 What I found is the following:
我发现以下内容:
{"session_id"=>"XXXXXXXXXX4b2aa9600eb3bee9921e05", "warden.user.user.key"=>["User", [1], "$2a$10$3/l/XXXXXXXXXXdhS.KCRe"], "_csrf_token"=>"XXXXXXXXXXVSp805CEN8U+GA4FcSWupcVLPH1RoacE8="}
Session_id and _csrf_token would change after every attempted logout, but warden.user.user.key would not change. 每次尝试注销后,Session_id和_csrf_token都会更改,但warden.user.user.key不会更改。 (Note that I have blanked out the initial 10 chars of each string).
(请注意,我已经清空了每个字符串的前10个字符)。
Can anyone explain this behavior? 谁能解释这种行为?
Thanks! 谢谢!
I think this has something to do with a pre-Devise 2.0.4 session cookie. 我认为这与Devise 2.0.4之前的会话Cookie有关。 When I open up "Incognito" in my Chrome, it works as expected.
当我在Chrome中打开“隐身”时,它可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.