Devise force logout for some users from Rails App

Question

Is it possible to force logout for SOME of the users through Devise.

In my setup, I am using rails 4.1.15 with Devise 1.5.4. Sessions are persisted in db and there is no direct mapping with user ids. Is there a Devise way to logout against some of the users NOT ALL.

I tried resetting password as a proxy which logs out immediately but not always.

user_obj.update_attributes(:password => "some_random_string")

Answer 1

Time to exhume this one. The only way I was able to solve this issue was by accessing the sessions. It is slow but it works.

  def sign_out_different_user
    @user = User.find(params[:id])
    sessions = ActiveRecord::SessionStore::Session.where("updated_at > ?", Time.now - 480.minutes).all
    sessions.each do |s|
      if s.data['user_email'] == @user.email
        s.delete and return
      end
    end
  end

I needed to change the session expiration on the user object for my purposes, so I added this into the method, as well. YMMV

 @user.session_expires_at = Time.now
 @user.save

Answer 2

I can propose you next solution.

Add a new column for admin that called force_logout:boolean

In any your controller add a new action to set force_logout to true. Ex.:

# in admins_controller.rb

def force_logout
  admin = Admin.find(params[:id])
  admin.update_column(:force_logout, true)
  redirect_to :back
end

In application_controller.rb add before_action to logout user if force_logout is true

before_action :check_force_logout

def check_force_logout
  if current_user && current_user.force_logout?
    current_user.update_column(:force_logout, false)
    sign_out(current_user)
  end
end

Too you need reset force_logout column after admin will be signed in. Usually you can do it session_controller.rb in action create.