daveomcd

Reputation: 6555

Why can't I log out users using Devise?

Using Rails 4.2 and having the following gems installed.

gem 'turbolinks'
gem 'jquery-ui-rails'
gem "devise_ldap_authenticatable"

Everything from what I can tell works fine, except when I click my logout link...

<%= link_to "Logout", destroy_user_session_path, method: :delete, :data => { :no_turbolink => true } %>

It properly redirects the user back to the sign in page on production, but if I refresh that sign_in page I'm sent back to my root page with a notice message saying "You are already signed in." My action for the destroy_user_session_path contains the following:

  # DELETE /resource/sign_out
  def destroy
    cookies.delete(:auth_token)
    reset_session
    super
  end

When I do the same steps in my development environment everything works fine, but on production I get the behavior I described above. I also tried, as some posts have recommended, changing the destroy from a :delete method to a :get (even though this seems very incorrect) but that didn't work. I also checked that my application.html.erb had the following line in it: <%= csrf_meta_tags %> -- it does. And finally here's my (probably too massive) list of JavaScript includes...

//= require jquery
//= require jquery-ui
//= require jquery_ujs
//= require jquery.turbolinks
//= require jquery.tokeninput
//= require jquery-ui/autocomplete

// for bootstrap 4 add tether below
//= require turbolinks
//= require nprogress
//= require nprogress-turbolinks
//= require nested_form_fields
//= require highcharts
//= require highcharts/highcharts-more
//= require highcharts/modules/exporting
//= require bootstrap-sprockets
//= require bootstrap-multiselect
//= require_tree .

If I forgot anything please let me know and I'll include it. Thanks!

Update (Added destroy action)

  # DELETE /resource/sign_out
  def destroy
    cookies.delete(:auth_token)
    reset_session
    super
  end

Upvotes: 1

Views: 746

Answers (1)

whodini9

Reputation: 1434

Maybe try deleting the entire session, not just the auth_token. I'm using the same Devise setup as above, with the exception of devise_ldap_authenticatable. Rails 4

# app/controllers/sessions_controller.rb
class SessionsController < ApplicationController

    def destroy
        session.delete(:user_id)
    end
end

Then in the view

# To log out
<%= link_to "Log Out", destroy_user_session_path, :method => 'delete'%>

In my Gemfile I'm using active-record session-store:

gem 'activerecord-session_store', github: 'rails/activerecord-session_store'

And in an initializer

Rails.application.config.session_store :active_record_store

Upvotes: 1
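
A way to check whether a sign-out response really clears what sign-in stored, as an added example that is not part of either post above: a browser keys cookies by name, domain and path, so an expiring Set-Cookie only removes the entry it matches exactly (Rails' cookies.delete accepts :domain and :path for this reason). The header values, the host and the `_app_session` name are constructed assumptions; only `auth_token` comes from the question.

```ruby
# Added example (not from the thread): model how a browser applies Set-Cookie
# headers, to check that a sign-out response removes what sign-in stored.
require "time"

# Parse one Set-Cookie header into name, value, scope and expiry state.
def parse_set_cookie(header, request_host)
  pair, *attrs = header.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  opts = attrs.to_h { |a| k, v = a.split("=", 2); [k.downcase, v] }
  past = opts["expires"] && Time.parse(opts["expires"]) <= Time.now
  {
    name: name, value: value.to_s,
    # No Domain attribute means the cookie is scoped to the request host.
    domain: (opts["domain"] || request_host).sub(/\A\./, "").downcase,
    path: opts["path"] || "/",
    expired: past || (opts.key?("max-age") && opts["max-age"].to_i <= 0)
  }
end

# Cookies are stored per (name, domain, path); an expiring header only
# removes the entry whose key it matches exactly.
def apply_headers(jar, headers, request_host)
  headers.each do |h|
    c = parse_set_cookie(h, request_host)
    key = [c[:name], c[:domain], c[:path]]
    if c[:expired] then jar.delete(key) else jar[key] = c[:value] end
  end
  jar
end

# Jar contents after replaying sign-in and then sign-out on one host.
def jar_after(sign_in, sign_out, host)
  apply_headers(apply_headers({}, sign_in, host), sign_out, host)
end

# Constructed sample headers; "_app_session" and the host are assumptions.
HOST = "app.example.com"
SIGN_IN = ["_app_session=SIGNEDIN; path=/; HttpOnly",
           "auth_token=abc123; domain=.example.com; path=/"]
EXPIRE = "max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"
# Shape of a delete issued with no :domain option: host-only scope.
OUT_NO_DOMAIN = ["auth_token=; path=/; #{EXPIRE}", "_app_session=FRESH; path=/"]
# Shape of a delete whose domain matches the one used when the cookie was set.
OUT_MATCHING = ["auth_token=; domain=.example.com; path=/; #{EXPIRE}",
                "_app_session=FRESH; path=/"]

jar_after(SIGN_IN, OUT_NO_DOMAIN, HOST).each { |k, v| puts "#{k.inspect} => #{v}" }
```

To use it against a real deployment, replace the constructed arrays with the Set-Cookie lines captured from the sign-in and sign-out responses in each environment and compare the resulting jars.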
