My devise users are "database_authenticatable" and "token_authenticatable". I've tried deleting the "authentication_token" field in the database for that user from the console, but they still seem to be able to use their existing auth token. Deleting the user entirely works, but I don't want to go that far.
Edit: for clarity. I want to use the rails console to sign out a user. i.e. run rails console and then some command.
Devise provide helper methods to do these things.
user = User.find(params[:id])
sign_in user
sign_out user
Hope this helps.
If you are using Devise you could use the below in your rails console. This works perfect for me as in my app if you are using only 1 session per user account. I am storing my sessions in redisDB.
user = User.first
user.update_attributes(unique_session_id: "")
All I had to do was clear my users unique_session_id for that user and rails kicks the user out of the session.
But for multiple sessions for the same User account this does not work.
If you want to clear all user sessions you can do the below from terminal
rake db:sessions:clear
You may be able to use the helpers that others have mentioned after including the necessary module:
include Devise::Controllers::SignInOut
source: Module: Devise::Controllers::SignInOut
There's also another SO question where someone shares a method that doesn't involve using Devise helpers here.
I'm not a fan of the sign_out @user pattern because, at least for the devise version I'm using, that signs out the current user, regardless of the argument I pass it. If you're storing sessions in your database then you can do this:
@user.update_attributes(current_sign_in_token: "")
TBH I don't think that's the best way to do it, but it's the best way I've seen in my own research.
Seems attribute tokens save sessions:
user.tokens = nil
user.save
I believe you can simply update the password_salt and it will invalidate the user session on their next request.
user = User.first
user.update_column(:password_salt, 'reset')
Reference: http://www.jonathanleighton.com/articles/2013/revocable-sessions-with-devise/
You can create a logout link in views->layouts->application.html.erb as:-
<= link_to 'Log Out', destroy_user_session_path, method: :delete %>
It worked for me - hope it does for others as well.
来源:https://stackoverflow.com/questions/28935054/how-can-i-sign-out-a-devise-user-from-the-rails-console