Deleting the current session with Rack::Session::Cookie
13,476
Solution 1
Just use
session.clear
to destroy the session.
Solution 2
It depends how you create your session. Simply you have to nulify session entry. Here is simple example, how to create and destroy sessions.
get '/login' do
session[:username] = params[:username]
"logged in as #{session[:username]}"
end
get '/logout' do
old_user = session[:username]
session[:username] = nil
"logged out #{old_user}"
end
You can also check this example: https://gist.github.com/131401
Related videos on Youtube
30 : 39
Cookie, Session
14 : 28
JavaScript Cookies vs Local Storage vs Session
04 : 15
Elton John, Dua Lipa - Cold Heart (PNAU Remix) (Official Video)
30 : 54
Understanding Authentication in Node.js - Sessions and Cookies - Web Development Concepts Explained
11 : 53
Difference between cookies, session and tokens
11 : 51
How Hackers Use Stored Cross Site Scripting (XSS) to Steal Session Cookies (and how to mitigate it)
07 : 15
Rails for Beginners Part 15: Login with Session Cookies
14 : 04
Session Hijacking Attack | Session ID and Cookie Stealing | SideJacking
28 : 57
PHP SESSION COOKIE Login
14 : 55
PHP Sessions & Cookies - Output Buffering - Headers Already Sent Warning - Full PHP 8 Tutorial
![[DOTNETVN] Xóa Mù Session Và Cookie Cho Dân Gà Mờ](https://i.ytimg.com/vi/K8D3gCUDM20/hqdefault.jpg?sqp=-oaymwEcCOADEI4CSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCddmIYErG2YDhiB-wC10qVG16yeA)
21 : 10
[DOTNETVN] Xóa Mù Session Và Cookie Cho Dân Gà Mờ
28 : 48
Create Cookies delete Cookies , Create Sessions and unset or Destroy Session in php
43 : 00
18 - Protect your Fastify API with Session Cookie Authentication
01 : 04
How to Delete Session Cookie - jQuery
06 : 27
#356 Dangers of Session Hijacking
Author by
ecoffey
A developer with an eye towards Compositional and Functional programming styles. Always striving to learn new ways to better express the Intent of programming over the Mechanics of implementation. Software Engineer at Twitter Boulder where I help to build large scale, high delivery systems and infrastructures.
Updated on August 29, 2020Comments
-
ecoffey over 3 years
I feel like I'm missing something obvious here, and I'm hoping that as soon as I post this someone will shame me with the google search link I was missing :-)
enable :sessions get '/logout' do # What goes here to kill the session? end -
ecoffey over 13 yearsHmm, I had tried that, but the rack.session cookie still exists after I "log out".
-
xentek about 10 years@ecoffey are you sure its the same cookie? If you use
session.clearit'll likely be a new session, but the old one will havw been destroyed. Nil-ing session key(s) might keep the original cookie but be devoid of any value(s). -
Redoman over 8 yearsFrom the OP example it's clear (enable :sessions) that they are using Sinatra or a similar ruby framework, yet they asked about deleting the session usingRack::Session::Cookiedirectly. Does the solution provided in this answer applies to that, or is Sinatra/Rails specific? According to stackoverflow.com/questions/10451392/…#sessionis a method specific to Sinatra/Rails/... and plain rack applications don’t have it. If this is true then, does anybody know what's the correct rack-only way to deal with this? -
Ohad Perry over 8 yearsnot working for me, tried it a couple of times. I have a very simple app usingenable :sessions -
Jonas Fagundes over 8 years@jj_ Nope,
sinatraandrailsuse rack middleware.
