在Rails中使用Devise登出特定用户 [英] Sign out specific user with Devise in Rails

问题描述

我有Devise用户认证。
我想要登出具有特定ID的用户。

在我的控制器中

  def exit 
 @user = User.find（5）
 sign_out（@user）＃这行在这里注销current_user 
 end 
  

设计的登出命令，即使我传递了@user，它会注销current_user。
如何从数据库中选择用户并使用devise命令登录？

解决方案

我假设这是某个管理模块的一部分，您要在其中注销特定的用户。

但是，这不是容易解决。用户是否登录是否存储在会话中。所以要签出另一个用户，你必须有权访问它的会话。

注意：afaik sign_out 方法仅适用于当前会话，或者可能通过监护人（不知道监护人很好）它可以扩展到当前服务器所触及的所有会话。但是，如果你使用乘客，或某种形式的rails服务器集群（这是很常见的），afaik这将不起作用。我会有兴趣听到其他的，有一些解释:) sign_out 使用给定的参数来确定从（afaik）当前会话退出的范围。 p>

所以我们通常做的是添加一种紧急按钮来登出所有用户：哪个会破坏所有会话。请注意，这当然只有在使用某些数据库或文档存储支持的会话存储时才可能。

或者，您可以打开所有会话，并查找正确的会话对于您的用户），然后销毁这些会话。

要从存储在activerecord中的特定会话读取数据，可以写下列内容：

  @session = ActiveRecord :: Base.connection.select_all（SELECT * FROM sessions WHERE session_id ='＃{sess_id}'）
 Marshal.load（ActiveSupport :: Base64.decode64（@ session.data））
  

有其他方法

• 使用超时模块，并强制用户超时？ li>
  
• 如果您使用可记住，您可以执行 @ user.forget_me ，但我不确定这是否真的影响当前会话？

I have Devise for user authentication. I want to sign out a user with a specific id.

in my controller

  def exit
    @user = User.find(5)
    sign_out(@user) # this line here signs out the current_user   
  end

The sign out command of devise, even though I pass the @user, it signs out the current_user. How can I select a user from the database and sign him out with the devise commands?

解决方案

I am assuming this is part of some admin module, where you want to sign out a particular user.

However, this is not easy to solve. Whether or not a user is signed in or not is stored in the session. So to sign out another user, you would have to have access to its session.

Note: afaik the sign_out method only works in the current session, or maybe through warden (do not know warden well enough) it could extend to all sessions this current server has ever touched. However: if you use passenger, or some form of rails server cluster (which is pretty common), afaik this will not work. I would be interested to hear otherwise, with some explanation :) The sign_out uses the given parameter to determine the scope to sign out from in (afaik) the current session.

So what we generally did was add a kind of emergency button to sign out all users: which destroys all sessions. Note this is of course only possible if you use some database or document-store backed session-store.

Alternatively you could open all sessions, and look for the correct session (for your user), and then destroy those sessions.

To read data from a specific session in stored in activerecord, you can write the following:

@session = ActiveRecord::Base.connection.select_all( "SELECT * FROM sessions WHERE session_id = '#{sess_id}'" )
Marshal.load(ActiveSupport::Base64.decode64(@session.data))

There are alternative approaches:

• use Timeoutable module, and force a timeout for a user?
• if you use Rememberable you could do @user.forget_me, but I am not sure that this actually affects the current session?

这篇关于在Rails中使用Devise登出特定用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！