Reputation: 1687
After the user confirms his account, when he clicks on the link sent to his email, he is automatically signed in. How can I disable this behaviour? Is it possible?
Upvotes: 0
Views: 558
Reputation: 2923
This was the default behaviour in versions of devise before 3.1 and as far as I know there is no trivial way to change it. I think you would need to override devise's ConfirmationsController.
The behaviour changed in 3.1, so that the default is that the user is not logged in after using the confirmation link. If you wanted to retain the old behaviour of logging in, you would need to have config.allow_insecure_sign_in_after_confirmation = true in your config/initializers/devise.rb.
As discussed in the comments, upgrading from devise 2.2.4 to 3.2.4 resulted in the behaviour changing to be what you wanted.
Devise 3.1 introduced a number of other security-related changes. More information is available here: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/
Note that one of the other changes in 3.1 was that confirmation/reset/unlock tokens are stored digested in the database, so previously-stored tokens won't work unless you set config.allow_insecure_token_lookup = true in your config/initializers/devise.rb, ideally temporarily so users who just requested a token can use it, but after removal of this line all future lookups will assume digested tokens are in the db. See the above link for more detail.
Upvotes: 1
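The token-storage change described in the answer above, as an added illustration that is not part of the original post and is not Devise's own code: it shows why a token stored raw before the upgrade no longer matches once lookups digest the incoming value, and what a temporary raw-lookup fallback does. `TokenStore`, `DIGEST_KEY` and `digest` are hypothetical names, and HMAC-SHA256 with a constructed key is an assumption made for the example.

```ruby
require "openssl"
require "securerandom"

# Constructed key for this example only; a real application derives its own.
DIGEST_KEY = "constructed-example-key-not-a-real-secret"

# Keyed digest of the raw token that travels in the e-mailed link.
def digest(raw_token)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), DIGEST_KEY, raw_token)
end

# Hypothetical in-memory stand-in for the confirmation_token column.
class TokenStore
  def initialize(allow_insecure_token_lookup: false)
    @allow_insecure = allow_insecure_token_lookup
    @rows = {} # stored column value => e-mail address
  end

  # Old style: the raw token itself sits in the database.
  def add_legacy(email)
    raw = SecureRandom.urlsafe_base64(15)
    @rows[raw] = email
    raw
  end

  # New style: only the digest is stored; the raw token goes out by e-mail.
  def add_digested(email)
    raw = SecureRandom.urlsafe_base64(15)
    @rows[digest(raw)] = email
    raw
  end

  # Look up by digest first; fall back to a raw match only when the
  # temporary compatibility switch is on. Tokens are single-use.
  def confirm(raw_from_link)
    email = @rows.delete(digest(raw_from_link))
    email ||= @rows.delete(raw_from_link) if @allow_insecure
    email
  end

  def stored_values
    @rows.keys
  end
end
```

With digested storage, a read-only leak of the table does not hand out usable confirmation links, because the stored value is not what the link carries.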