I have an issue with my login functionality.

- When the user clicks the logout link everything works normally, the session is destroyed and the user can log in as a different user.
- If a currently signed-in user closes the browser and comes back to the login page, or if the user simply presses the back button to the login page and attempts to sign in as a different user, the user is directed to the user previously logged in to the application on that particular browser.

This is not wanted functionality. I would like to give the user the ability to sign into whatever account they want, regardless of whether the user backs into the login page, or closes the window and comes back to the login page. I have tried 6 different solutions and none of them have worked. It seems that no matter the change I make to the code, the login functionality always pulls the user id from a session[:warden.user.person.key] hash and uses it to log in, no matter what is put into the login text field. I have tried to gain control of this process but have failed at every attempt. I have run out of ideas and need some help, for this has been deemed a security hole in our system.

Please let me know what else you would like to see for code. I'm giving you the session controller code and my routes.
    # Custom Devise sessions controller; the original was missing the "<"
    # that makes it inherit from Devise::SessionsController.
    class SessionsController < Devise::SessionsController
      # GET /people/sign_in: clear leftover OmniAuth/registration state, then
      # let Devise render the sign-in form.
      def new
        session["devise.omniauth_data"] = nil
        session[:last_registration_role] = nil
        super
      end

      # POST /people/sign_in: optionally set a signed, long-lived cookie holding
      # the submitted email, then let Devise authenticate the credentials.
      def create
        if params['person']['remember_me'] == '1'
          cookies.signed['rem'] = {
            :value    => params['person']['email'],
            :expires  => 1.year.from_now,
            :httponly => true
          }
        end
        super
      end

      # GET /people/sign_out: clear the same custom session keys, let Devise
      # sign the user out, then reset the Rails session as well. Note that the
      # 'rem' cookie set in create is not deleted here.
      def destroy
        session["devise.omniauth_data"] = nil
        session[:last_registration_role] = nil
        super
        reset_session
      end
    end
Routes:

    new_person_session      GET   /people/sign_in(.:format)       {:action=>"new",     :controller=>"sessions"}
    person_session          POST  /people/sign_in(.:format)       {:action=>"create",  :controller=>"sessions"}
    destroy_person_session  GET   /people/sign_out(.:format)      {:action=>"destroy", :controller=>"sessions"}
    person_password         POST  /people/password(.:format)      {:action=>"create",  :controller=>"devise/passwords"}
    new_person_password     GET   /people/password/new(.:format)  {:action=>"new",     :controller=>"devise/passwords"}
    edit_person_password    GET   /people/password/edit(.:format) {:action=>"edit",    :controller=>"devise/passwords"}
                            PUT   /people/password(.:format)      {:action=>"update",  :controller=>"devise/passwords"}
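The question describes two places a returning browser can carry an identity: the `warden.user.person.key` entry in the session and the persistent `rem` cookie that `create` sets and `destroy` never deletes. The following is an added, self-contained Ruby model of those two sources (not the asker's code and not Devise or Warden themselves); it assumes, for illustration only, that the `rem` cookie is consulted to restore identity when the session is empty, and it shows why a login that leaves the existing session in place keeps returning the old user, and what a login and a logout that clear both sources look like.

```ruby
# Constructed model of session-vs-cookie identity precedence (added example,
# not the question's code and not Devise). Names below are from the question;
# the behaviour of the "rem" cookie is an assumption made for this model.
WARDEN_KEY      = "warden.user.person.key"
REMEMBER_COOKIE = "rem"

# Constructed user store: email => user id. Password checking is omitted;
# the point is which identity ends up bound to the session.
USERS = { "alice@example.com" => 1, "bob@example.com" => 2 }

class Browser
  attr_reader :session, :cookies
  def initialize; @session = {}; @cookies = {}; end
  # Closing the browser drops the session cookie but keeps persistent ones.
  def close_and_reopen; @session = {}; self; end
end

# Resolution order as the question reports it: whatever is already in the
# session wins; the remember cookie is consulted only when the session is empty.
def current_user(browser)
  browser.session[WARDEN_KEY] || USERS[browser.cookies[REMEMBER_COOKIE]]
end

# Login as the symptom describes it: the previous principal is never discarded,
# so the submitted email cannot displace the user already in the session.
def login_keeping_session(browser, email, remember: false)
  browser.cookies[REMEMBER_COOKIE] = email if remember
  browser.session[WARDEN_KEY] ||= USERS.fetch(email)
  current_user(browser)
end

# Hardened login: throw away the old session and remember cookie first (this
# also defeats session fixation), then bind the submitted email.
def login_fresh_session(browser, email, remember: false)
  browser.session.clear
  browser.cookies.delete(REMEMBER_COOKIE)
  browser.cookies[REMEMBER_COOKIE] = email if remember
  browser.session[WARDEN_KEY] = USERS.fetch(email)
  current_user(browser)
end

# Logout must clear both identity sources; resetting only the session, as the
# question's destroy does, leaves the remember cookie able to restore the user.
def logout(browser, clear_remember_cookie: true)
  browser.session.clear
  browser.cookies.delete(REMEMBER_COOKIE) if clear_remember_cookie
  current_user(browser)
end
```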
In your application_controller, try setting the exact location you want people to be sent after signing in: