After upgrading to Rails 3.2.2 and Devise 2.0.4, logout does not destroy session
Question
After upgrading my rails project to rails 3.2.2 and Devise 2.0.4, I am no longer able to logout. I am not experiencing this issue ; instead, clicking logout does not properly leave me in a logged-out state, the user object is still valid and there is still a current_user. Here is what is in my logs:
Started DELETE "/users/sign_out" for 127.0.0.1 at 2012-03-16 20:54:56 -0400
Processing by Devise::SessionsController#destroy as */*
Redirected to http://localhost:3000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
So, it's being routed correctly. I attempted to reinstall devise with no luck.
In my attempts to debug, I inserted the line:
= session.inspect
Into my template. What I found is the following:
{"session_id"=>"XXXXXXXXXX4b2aa9600eb3bee9921e05", "warden.user.user.key"=>["User", [1], "$2a$10$3/l/XXXXXXXXXXdhS.KCRe"], "_csrf_token"=>"XXXXXXXXXXVSp805CEN8U+GA4FcSWupcVLPH1RoacE8="}
Session_id and _csrf_token would change after every attempted logout, but warden.user.user.key would not change. (Note that I have blanked out the initial 10 chars of each string).
Can anyone explain this behavior?
Thanks!
1 answers
solution1
0 ACCPTED 2012-03-17 02:51:56
I think this has something to do with a pre-Devise 2.0.4 session cookie. When I open up "Incognito" in my Chrome, it works as expected.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.