Minimalism

Reputation: 109

How to delete session in rails?

I am able to log in to the application even after logging out, by clicking the back button on the search bar.

For some strange reason, I am not able to delete the session completely.

I am not using any gem. I want to create rails authentication from scratch.

Sessions Controller:

class SessionsController < ApplicationController
  def new
  end

  def create
    user = User.find_by_email(params[:email])
    if user && user.authenticate(params[:password])
      log_in user
      redirect_to user
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  def destroy
    reset_session
    redirect_to root_path
  end

end

Application Helper

class ApplicationController < ActionController::Base

  protect_from_forgery with: :exception

  # Expose these controller methods to the views
  helper_method :current_user, :logged_in?, :logged_in_user

  def log_in(user)
    session[:user_id] = user.id
  end

  def current_user
    @current_user ||= User.find_by(id: session[:user_id])
  end

  def logged_in?
    !current_user.nil?
  end

  # before_action filter: redirect to the login page unless logged in
  def logged_in_user
    unless logged_in?
      flash[:danger] = "Please log in."
      redirect_to new_session_path
    end
  end

  def current_user?(user)
    user == current_user
  end

end

Application.html.erb

  <body>

    <div class="container">

       <% flash.each do |message_type, message| %>
          <div class="alert alert-<%= message_type %>"><%= message %></div>
       <% end %>

       <header>

         <% if logged_in? %>
           <%= link_to "Log out", sessions_path, method: "delete" %>
           <%= link_to "Edit", edit_user_path(current_user) %>
         <% else %>
           <li>
             <%= link_to "Sign Up", new_user_path %>
           </li>
           <li>
             <%= link_to "Log in", new_sessions_path %>
           </li>
         <% end %>



         </header>
         <%= yield %>
       </div>
    </body>

Please help me. I am going nuts.

User Controller

class UsersController < ApplicationController
    before_action :logged_in_user, only: [:new, :show, :edit, :update]
    before_action :correct_user, only: [:new, :show, :edit, :update]

    def index
      @users = User.all
    end

    def new
      @user = User.new
    end

    def create
      @user = User.new(set_params)
      if @user.save
        redirect_to new_session_url
      else
        render 'new'
      end
    end

    def show
      @user = User.find(params[:id])
      @posts = @user.posts
    end

    def edit
      @user = User.find(params[:id])
    end

    def update
       @user = User.find(params[:id])
       if @user.update(update_params)
        redirect_to @user
      else
        render 'edit'
      end
    end



    private

    def set_params
      params.require(:user).permit(:name, :email, :password, :password_confirmation)
    end
    def update_params
      params.require(:user).permit(:name, :email, :password, :password_confirmation)
    end


    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_url)  unless current_user?(@user)
    end


end

User is able to log in only he/she logged in.

I have updated my code as per what I have been suggested or what I have tried.

Upvotes: 1

Views: 2076

Answers (1)

Kalman

Reputation: 8131

As pointed out in the comments, this is happening because Rails is caching.

You can do the following to get around this issue.

In your ApplicationController, put the following code

class ApplicationController < ActionController::Base

  before_action :set_cache_buster

  private
    def set_cache_buster
      response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
      response.headers["Pragma"] = "no-cache"
      response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
    end
end

Upvotes: 1
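
As an added example (not part of the answer above or of Rails itself): a plain-Ruby check that parses a response's Cache-Control header and reports whether the browser is allowed to keep a copy of the page, which is the condition under which the back button can redisplay it after logout. The function names and sample header sets are constructed for illustration; the first sample assumes the Cache-Control value Rails sends by default for dynamic responses.

```ruby
# Added example: audit the response headers of an authenticated page for
# directives that let the browser keep a copy after logout.

# Parse a Cache-Control value into { "directive" => argument_or_true }.
# Quoted arguments may contain commas, so scan instead of splitting on ",".
def parse_cache_control(value)
  pattern = /([A-Za-z0-9_-]+)(?:\s*=\s*("[^"]*"|[^,\s]+))?/
  value.to_s.scan(pattern).each_with_object({}) do |(name, arg), out|
    out[name.downcase] = arg ? arg.delete('"') : true
  end
end

# Return a list of findings; an empty list means the response may not be stored.
def cache_findings(headers)
  # Header names are case-insensitive, so normalise them before the lookup.
  h = headers.each_with_object({}) { |(k, v), o| o[k.to_s.downcase] = v }
  cc = parse_cache_control(h["cache-control"])
  findings = []
  findings << "no Cache-Control header: caching is left to browser heuristics" if cc.empty?
  findings << "missing no-store: the browser may keep and redisplay the page" unless cc["no-store"]
  findings << "public: shared caches may store the page" if cc["public"]
  findings
end

# Constructed sample header sets.
SAMPLES = {
  "default (assumed Rails default)" => {
    "Cache-Control" => "max-age=0, private, must-revalidate"
  },
  "answer's set_cache_buster" => {
    "Cache-Control" => "no-cache, no-store, max-age=0, must-revalidate",
    "Pragma" => "no-cache",
    "Expires" => "Fri, 01 Jan 1990 00:00:00 GMT"
  },
  "no headers at all" => {}
}

SAMPLES.each do |label, headers|
  findings = cache_findings(headers)
  puts "#{label}: #{findings.empty? ? 'OK' : findings.join('; ')}"
end
```

The same check can be pointed at the headers of a real response from a logged-in page to confirm that `set_cache_buster` is actually being applied.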
