It seems when a user logs out via standard Devise controllers, Devise destroys the

Question

0

Asked: June 2, 20262026-06-02T05:10:33+00:00 2026-06-02T05:10:33+00:00

It seems when a user logs out via standard Devise controllers, Devise destroys the

0

It seems when a user logs out via standard Devise controllers, Devise destroys the entire session store, not just its own data. Is there any way to avoid this behavior? I have other irrelevant data that should be kept around.

session[:my_var] = "123"

Log out via devise…

puts session[:my_var]
# => nil

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-02T05:10:34+00:00

The destroy¹ method of SessionsController contains the following line:

signed_out = Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)

The sign_out_all_scopes² method calls warden.logout without any arguments, and the sign_out³ method calls warden.logout(scope).

The documentation of the logout⁴ method states:

# Logout everyone and clear the session
env['warden'].logout

# Logout the default user but leave the rest of the session alone
env['warden'].logout(:default)

Conclusion: sign_out should preserve the session when given a specific scope. However, I don’t see any way to do that. sign_out_all_scopes is always called first, and will only return false if it couldn’t log any user out.

I recommend either posting a feature request on their issue tracker or developing your own authentication solution. Rails now provides has_secure_password, and these days people seem to be going for the latter in order to avoid running into these problems.

¹ Devise::SessionsController#destroy

² Devise::Controllers::Helpers#sign_out_all_scopes

³ Devise::Controllers::Helpers#sign_out

⁴ Warden::Proxy#logout