There are many posts about Devise and the lack of availability of "current_user" for use in models. There are numerous work arounds posted here and elsewhere. However, i haven't found the answer to "why" in any of the posts. Is this a security issue? If not, why?
Because you don't have access to a session variable inside a model, it's not a Devise issue or something related to security. It's related to the MVC pattern used in Rails.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.