daveomcd daveomcd - 12 days ago 5
Ruby Question

Why can't I log out users using Devise?

Using Rails 4.2 and having the following gems installed.

gem 'turbolinks'
gem 'jquery-ui-rails'
gem "devise_ldap_authenticatable"


Everything from what I can tell works fine, except when I click my logout link...

<%= link_to "Logout", destroy_user_session_path, method: :delete, :data => { :no_turbolink => true } %>


It properly redirects the user back to the sign in page on production, but If I refresh that sign_in page I'm sent back to the my root page with a notice message saying "You are already signed in.". My action for the destroy_user_session_path contains the following:

# DELETE /resource/sign_out
def destroy
cookies.delete(:auth_token)
reset_session
super
end


When I do the same steps in my development environment everything works fine, but on production I get the behavior I described above. I also tried, as some posts have recommended, changing the destroy from a
:delete
method to a
:get
(even though this seems very incorrect) but that didn't work. I also checked that my application.html.erb had the following line in it:
<%= csrf_meta_tags %>
-- it does. And finally here's my (probably too massive) lists of javascript includes...

//= require jquery
//= require jquery-ui
//= require jquery_ujs
//= require jquery.turbolinks
//= require jquery.tokeninput
//= require jquery-ui/autocomplete

// for bootstrap 4 add tether below
//= require turbolinks
//= require nprogress
//= require nprogress-turbolinks
//= require nested_form_fields
//= require highcharts
//= require highcharts/highcharts-more
//= require highcharts/modules/exporting
//= require bootstrap-sprockets
//= require bootstrap-multiselect
//= require_tree .


If I forgot anything please let me know and I'll include it. Thanks!

Update (Added destroy action)

# DELETE /resource/sign_out
def destroy
cookies.delete(:auth_token)
reset_session
super
end

Answer

Maybe try deleting the entire session not just the auth_token. I'm using same Devise setup above with the exception of devise_ldap_authenticator. Rails 4

# app/controllers/sessions_controller.rb
class SessionsController < ApplicationController

    def destroy
        session.delete(:user_id)
    end
end

Then in the view

# To log out
<%= link_to "Log Out", destroy_user_session_path, :method => 'delete'%>

In my gemfile i'm using active-record session-store:

gem 'activerecord-session_store', github: 'rails/activerecord-session_store'

And in an initializer

Rails.application.config.session_store :active_record_store
Comments