Reputation: 4053
Do we need to delete session variables after user logout?
In Ruby on Rails :
suppose I am having session[:my_var] = 'my_val'
So here my question is :
Do we need to set session[:my_var]=nil before user's sign-out?
or it will auto release the memory it has.
Upvotes: 5
Views: 8294
Answers (3)
Reputation: 1869
If you have set up your authentication code properly, that should handle the release from memory. Here is how I did it in one of my apps:
#sessions_controller
def destroy
reset_session
redirect_to login_path, notice: 'Logged out'
end
Upvotes: 2
Reputation: 4404
Ruby on Rails doesn't know what you want to keep or not when a user signs-out.
Say for example you have a session[:language] that is useful for every user, even anonymous ones. You wouldn't want to erase it to display the default language after the user has gone through the trouble of selecting one in particular.
So, delete the session objects you need to, like session[:user]=nil and keep the rest. If you have a lot of them to delete, make yourself a logout helper.
If you know you can swipe the whole session, use the reset_session like @adcosta said.
Upvotes: 5
Related Questions
- What is the best way to clear a session variable in rails?
- How to empty/destroy a session in rails?
- When is a session destroyed in rails?
- Are all session data preserved in client cookie after logout in rails 4?
- rails: is there any need to delete session variable (cookie based session store)?
- Destroying Sessions Issue Rails 4
- Session's storage and expiration in Rails
- Empty/delete a session object
- Rails v3 session destroy doesn't work?
- Clearing out session data in a Rails application