This repository has been archived by the owner on Aug 20, 2019. It is now read-only.
Devise auth_token is not linked to IP address #66
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The auth token used by Devise should only be valid when it is used by the same IP address and user agent. Currently a request from a different IP with a valid auth token will succeed. This is bad.
This might be able to be fixed using
find_for_authenticationinDevise::Models::Authenticatable.The text was updated successfully, but these errors were encountered: