Devise: Cannot sign out and session switch

Created on 4 Apr 2017  路  5Comments  路  Source: heartcombo/devise

I have a really disturbing and dangerous behavior for my app right now.

The problem is:

  • I log as User 1
  • I log out
  • I log as User 2
  • I change the page (or the locale) : I'm on the application but logged as USER 1 !!!!
  • I cannot log out, I have a Can't verify CSRF token authenticity in the logs

It's only happening in staging, cannot reproduce in development. My project is in Rails 5 and Devise 4.2.0
We did not see it happen before adding locale management, but maybe it has no link with it.

It really look like logout does not totally erase the session of User 1, and causes both sessions to be mixed

I think it's a problem with cookies and/or cache because everything is fine once I disable cache but I really don't know how to handle this in my application.

Needs more info
Source
picture Kounts

Most helpful comment

Facing a similar issue where Devise isn't actually deleting cookies (Rails 5). Did you manage to find a solution?

EDIT: Nvm, my issue was caused by having Sidekiq open in a seperate tab, which was overwriting my session and signing me back in a few seconds after sign out!

picture dhruvbhatia on 23 Sep 2017
👍3

All 5 comments

I have a similar issue but in my case I get Password reset token expires when i try to reset my password. I have two locale en and pt and my default locale is pt but if I updated my default locale to en then the issue persist

sushant12 picture sushant12 on 25 May 2017

Facing a similar issue where Devise isn't actually deleting cookies (Rails 5). Did you manage to find a solution?

EDIT: Nvm, my issue was caused by having Sidekiq open in a seperate tab, which was overwriting my session and signing me back in a few seconds after sign out!

dhruvbhatia picture dhruvbhatia on 23 Sep 2017
👍3

Hi @Kounts, thanks for your report.
Can you provide us a sample application that reproduces the issue in isolation?
That would help us find the issue.

Thank you!

tegon picture tegon on 15 Dec 2017

Sorry, I clicked on the wrong button 馃槥

tegon picture tegon on 15 Dec 2017

I'm closing this issue because it has not had recent activity.
If you're still facing this on the latest version, please open a new one with all the information requested in the template.

Thank you!

tegon picture tegon on 11 Jan 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Pedroknoll picture Pedroknoll  路  3Comments
cheung-chifung picture cheung-chifung  路  4Comments
edipox picture edipox  路  4Comments
JanBussieck picture JanBussieck  路  3Comments
afuno picture afuno  路  3Comments