问题
I would like authogic to never set a user_credentials cookie, and only use the standard Rails session cookie.
I see Session is included in Authlogic::Session::Session::Base after Cookies. If I log into my app and then delete the user_credentials cookie, I still stay logged in. So apparently authlogic is storing the credentials in both places and checking both places? Or ignoring the cookie but still setting it? How can I have it never set or reference the user_credentials cookie?
回答1:
According to the answer to my question here…
How can I remove callbacks inserted by vendor code?
…the answer to THIS question is to do this above my UserSession definition:
Authlogic::Session::Base.after_save.delete_if{ |callback| callback.method == :save_cookie }
class UserSession < Authlogic::Session::Base
end
回答2:
If you use vendored authlogic then you can prevent to user_credentials cookie by using and change some code on save_cookie method on "authlogic-2.1.5/lib/authlogic/session/cookies.rb"
来源:https://stackoverflow.com/questions/3162867/how-can-i-get-authlogic-to-use-the-rails-session-instead-of-its-own-cookie