从清除会话中停止设计 [英] Stop Devise from clearing session
问题描述
似乎当用户通过标准 Devise 控制器注销时,Devise 会破坏整个会话存储,而不仅仅是它自己的数据.有什么办法可以避免这种行为吗?我还有其他不相关的数据应该保留.
session[:my_var] = "123"通过设备注销...
puts session[:my_var]# =>零SessionsController 的 destroy¹ 方法包含以下行:
signed_out = Devise.sign_out_all_scopes ?签出:签出(资源名称)sign_out_all_scopes² 方法不带任何参数调用 warden.logout,sign_out³ 方法调用 warden.logout(scope).
logout⁴ 方法的文档说明:
# 退出所有人并清除会话env['warden'].logout# 注销默认用户,但保留会话的其余部分env['warden'].logout(:default)结论:当给定特定范围时,sign_out 应该保留会话.但是,我看不到任何方法可以做到这一点.sign_out_all_scopes总是首先被调用,并且只有在无法注销任何用户时才会返回false.
我建议在他们的问题跟踪器上发布功能请求或开发您自己的身份验证解决方案.Rails 现在提供 has_secure_password,而现在人们似乎倾向于后者,以避免遇到这些问题.
¹ Devise::SessionsController#destroy
² Devise::Controllers::Helpers#sign_out_all_scopes
³ Devise::Controllers::Helpers#sign_out
It seems when a user logs out via standard Devise controllers, Devise destroys the entire session store, not just its own data. Is there any way to avoid this behavior? I have other irrelevant data that should be kept around.
session[:my_var] = "123"
Log out via devise...
puts session[:my_var]
# => nil
The destroy¹ method of SessionsController contains the following line:
signed_out = Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
The sign_out_all_scopes² method calls warden.logout without any arguments, and the sign_out³ method calls warden.logout(scope).
The documentation of the logout⁴ method states:
# Logout everyone and clear the session env['warden'].logout # Logout the default user but leave the rest of the session alone env['warden'].logout(:default)
Conclusion: sign_out should preserve the session when given a specific scope. However, I don't see any way to do that. sign_out_all_scopes is always called first, and will only return false if it couldn't log any user out.
I recommend either posting a feature request on their issue tracker or developing your own authentication solution. Rails now provides has_secure_password, and these days people seem to be going for the latter in order to avoid running into these problems.
¹ Devise::SessionsController#destroy
² Devise::Controllers::Helpers#sign_out_all_scopes
³ Devise::Controllers::Helpers#sign_out
这篇关于从清除会话中停止设计的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
