Persistence order #63

Bertg opened this Issue · 2 comments




Currently the persistence order of Authlogic is this:
[:persist_by_params, :persist_by_cookie, :persist_by_session, :persist_by_http_auth]

This - according to me - is not logically correct. Persistence by session should come before persistence by cookie.

:persist_by_cookie is enabling the "remember me" functionality, and could be perceived as an "automated re-login" system. There are many possible use cases where a client would want to track these "automated logins".
Currently this can be done by overriding (or chaining) the persist_by_cookie method. However it is always called.

By moving the :persist_by_session callback up one spot, the :persist_by_cookie will only be called if there is no session available and can then be truly seen as "automated login".
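
The effect of the two orderings on an audit hook placed in persist_by_cookie, as an added example that is not part of the original post and is not Authlogic's code. It is a simplified model that assumes the chain halts at the first callback that finds credentials; the `persist` and `cookie_logins` helpers and the request hashes are constructed for illustration.

```ruby
# Simplified model of a persistence chain (not Authlogic's code): callbacks run
# in order and the chain halts at the first one that finds credentials.
ORIGINAL  = [:persist_by_params, :persist_by_cookie, :persist_by_session, :persist_by_http_auth]
REORDERED = [:persist_by_params, :persist_by_session, :persist_by_cookie, :persist_by_http_auth]

# Constructed request: a hash naming which credential sources are present.
# Returns [callback_that_authenticated_or_nil, list_of_callbacks_called].
def persist(order, request)
  called = []
  winner = order.find do |cb|
    called << cb
    request.fetch(cb.to_s.sub("persist_by_", "").to_sym, false)
  end
  [winner, called]
end

# Number of requests that would be recorded as "automated re-login" if the
# audit hook lives in persist_by_cookie.
def cookie_logins(order, requests)
  requests.count { |r| persist(order, r).first == :persist_by_cookie }
end

# Constructed sample: the first request after a browser restart carries only
# the remember-me cookie; the next two also carry the session it created.
REQUESTS = [
  { cookie: true },
  { cookie: true, session: true },
  { cookie: true, session: true },
]

if __FILE__ == $PROGRAM_NAME
  { "original" => ORIGINAL, "reordered" => REORDERED }.each do |name, order|
    puts "#{name}: #{cookie_logins(order, REQUESTS)} cookie logins"
    REQUESTS.each { |r| p persist(order, r) }
  end
end
```

In this model a request whose session was dropped server-side but which still carries the cookie (`{ cookie: true }`) is re-authenticated by persist_by_cookie under either order, so reordering changes what gets counted as an automated login, not whether the cookie can restore access.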


When a system uses multiple domains, it may be helpful to disable :persist_by_cookie altogether. For example, I want to log out a user from all domains. I'll drop the Rails session from the database, and a new session will be created at the next request. Is there any convenient way to disable persistence by cookie?

For now I use the following initializer:

Authlogic::Session::Base.persist_callback_chain.reject! {|c| c.method == :persist_by_cookie}

But this code kills the 'remember me' feature.


+1 on this. It'd actually be nice to reorder Authlogic callbacks (different apps have different use cases). The biggest barrier to this is probably a lack of reordering in ActiveSupport::Callbacks.

@Bertg Bertg closed this