Closed
Description
I'm using these submodules:
`[:remember_me, :reset_password, :user_activation, :brute_force_protection, :session_timeout, :activity_logging]`
I logged in with the remember_me option and left the tab open for more than 1 hour. Then I reloaded the page and was redirected to the login page. Then I reloaded the page again and I was logged in. So I started digging into the code and found this:
```ruby
base.prepend_before_action :validate_session

def validate_session
  session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
  if session_to_use && sorcery_session_expired?(session_to_use.to_time)
    reset_sorcery_session
    # USER IS DEFINED THERE
    @current_user = nil
  else
    session[:last_action_time] = Time.now.in_time_zone
  end
end
```
sorcery/lib/sorcery/controller.rb
Line 82 in a873231
```ruby
def current_user
  unless defined?(@current_user)
    # USER IS DEFINED SO THIS WILL BE SKIPPED IN CURRENT REQUEST
    @current_user = login_from_session || login_from_other_sources || nil
  end
  @current_user
end
```
So maybe `remove_instance_variable :@current_user if defined? @current_user` would be a better option. And IMHO this should be done everywhere the user is set to nil.
And also I found this place. I don't understand the reason for that ELSE block:
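
The behaviour reported above (first reload shows the login page, second reload logs the user in) can be reproduced in isolation. This is an added example, not part of the original issue and not Sorcery's code: `FakeRequest`, `reload_twice`, the constant and the constructed session and cookie values are hypothetical stand-ins that mirror only the `defined?(@current_user)` guard and the two ways of clearing the user.

```ruby
SESSION_TIMEOUT = 3600 # seconds; assumed value for the illustration

# One instance per HTTP request, like a Rails controller. Hypothetical stand-in.
class FakeRequest
  def initialize(session, remember_cookie, clear_with)
    @session = session
    @remember_cookie = remember_cookie
    @clear_with = clear_with # :assign_nil (reported behaviour) or :remove_ivar (proposal)
  end

  # Mirrors the before_action: expire the session, then clear the memoized user.
  def validate_session
    started = @session[:login_time]
    if started && Time.now - started > SESSION_TIMEOUT
      @session.clear
      if @clear_with == :assign_nil
        @current_user = nil # ivar is now defined, with value nil
      elsif instance_variable_defined?(:@current_user)
        remove_instance_variable(:@current_user)
      end
    else
      @session[:last_action_time] = Time.now
    end
  end

  # Same guard as the quoted current_user: defined?, not truthiness.
  def current_user
    unless defined?(@current_user)
      @current_user = @session[:user] || login_from_other_sources || nil
    end
    @current_user
  end

  private

  # Stand-in for the remember_me cookie login.
  def login_from_other_sources
    @remember_cookie
  end
end

# Two page reloads sharing one session that expired an hour ago (constructed data).
def reload_twice(clear_with)
  session = { login_time: Time.now - 2 * SESSION_TIMEOUT, user: nil }
  2.times.map do
    req = FakeRequest.new(session, "alice", clear_with)
    req.validate_session
    req.current_user
  end
end
```

With `:assign_nil` the first reload returns `nil` because the guard sees a defined variable and never reaches the remember_me fallback; with `:remove_ivar` both reloads return the remembered user.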