How does Devise reset the session after sign in? (aka How can I persist session data after sign in?)

[Chris Bloom]

I'm working on upgrading a Rails app from 2.3 and Devise 1.0.11. I'm currently at Rails 3.2 with Devise 2.0.6. Previously, I had an initializer that override `ActionController::Request#reset_session` so that I could persist any items in a users shopping cart across any devise actions. Session handling works much differently in Rails 3.2 as I've discovered and I'm having trouble getting this functionality working again. I've set `config.sign_out_all_scopes = false` which means it works properly when a user signs out, but I'm still having trouble with persisting across a sign in. I've traced the sign in process from `Warden::Proxy#authenticate!` all the way through `respond_with resource, :location => after_sign_in_path_for(resource)` at the end of the Devise::SessionsController#create method, and `request.session_options[:id]` remains the same for the duration of the request. However, as soon as the redirect is followed there's suddenly a new session ID. Can you tell me how this is triggered in Devise?

[nadeem yasin]

Any updates here Chris? Struggling with the same issue.

[Chris Bloom]

The client canceled the upgrade, so we never completed this functionality. Looking over the old commits, I found the following note regarding that. Maybe it will point you towards a solution.

class ActionDispatch::Request

  # TODO Broken in Rails 3.2. No way to regenerate a new session ID

  # Fix this once we get to Rails 4 which has a session#destroy method

  # http://www.rubydoc.info/docs/rails/ActionDispatch/Request/Session:destroy

  # TODO We used to override a Warden method - better to do that again? Are 

  # there times when we really do want to clear the whole thing? (We do, but

  # usually manually, after a customer checks out.)

  def reset_session_with_shopping_cart_persistence

    Rails.logger.warn("Trying to persist shopping cart across logout, but it's not working in this version of Rails")

    

    old_session_id = session_options[:id]

    

    reset_session_without_shopping_cart_persistence

        

    new_session_id = session_options[:id]

    if new_session_id != old_session_id

      OrderedProduct.update_all(

        ["session_id = ?", new_session_id],

        ["session_id = ?", old_session_id]

      )

    end

  end

  alias_method_chain :reset_session, :shopping_cart_persistence

end

--

---
You received this message because you are subscribed to a topic in the Google Groups "Devise" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/plataformatec-devise/xKjWrskSQvE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to plataformatec-de...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.