Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Save session.id in cookie instead of user.id to allow expiration #44

Closed
mikker opened this issue Feb 22, 2019 · 3 comments
Closed

Save session.id in cookie instead of user.id to allow expiration #44

mikker opened this issue Feb 22, 2019 · 3 comments
Labels
breaking change help wanted

Comments

@mikker
Copy link
Owner

mikker commented Feb 22, 2019

When we authenticate_by_cookie we find the user by the saved user_id in the cookies. This means we don't actually know when their session expires.

Instead we'll save the session.id and look up the user from that. That way we'll know if the session has expired too. We might even want to check for this on every sign-in-required request?
@mikker
Copy link
Owner Author

mikker commented Feb 22, 2019

This is breaking because it means signing out everyone after upgrading.

Perhaps there's an easy enough upgrade path of fall back to looking up session with something like fallback_session = user.find(cookies[:user_id])&.sessions.valid.first

@mikker
Copy link
Owner Author

mikker commented Feb 22, 2019

Consider that possibly breaking change then 😄

@JoeSouthan JoeSouthan mentioned this issue May 7, 2019
Closed
@mikker
Copy link
Owner Author

mikker commented Aug 14, 2019

Closed by #53

@mikker mikker closed this as completed Aug 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking change help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Save session.id in session JoeSouthan/passwordless
1 participant
@mikker