I would like authogic to never set a user_credentials cookie, and only use the standard Rails session cookie.
I see Session is included in Authlogic::Session::Session::Base after Cookies. If I log into my app and then delete the user_credentials cookie, I still stay logged in. So apparently authlogic is storing the credentials in both places and checking both places? Or ignoring the cookie but still setting it? How can I have it never set or reference the user_credentials cookie?
According to the answer to my question here…
How can I remove callbacks inserted by vendor code?
…the answer to THIS question is to do this above my UserSession definition:
Authlogic::Session::Base.after_save.delete_if{ |callback| callback.method == :save_cookie }
class UserSession < Authlogic::Session::Base
end
If you use vendored authlogic then you can prevent to user_credentials cookie by using and change some code on save_cookie method on "authlogic-2.1.5/lib/authlogic/session/cookies.rb"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With