-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
expire_session_data_after_sign_in! is not completely correct #2660
Comments
You are right, this is a bug in Rack. :)
Unfortunately, that's very likely to be the proper fix, since there is no API to force load. At some points we also do Can you please send a pull request with comments on the code about the need for such call? |
Well, I'm forced to make my own |
I mean, we should force the |
It doesn't deserve a pull request but here it is. |
The code is:
The problem is that
session.keys
can be empty if the session is not yet loaded. You can see that methodskeys
andvalues
inActionDispatch::Request::Session
are not triggering session loading (frankly speaking I can't even think up a reason why it's done so, alsoRack::Session::Abstract::ID
does it the same way, please explain it to me if anyone knows why).The effect is that
expire_session_data_after_sign_in!
does nothing in some curcumstances. I hit it when created a two-line action just invoking this helper and doing redirect.I fixed my code by adding a call to
session.empty?
at the beginning to force session initialization. But I believe this is not how it should be.The text was updated successfully, but these errors were encountered: