How can I reset all devise sessions so every user has to login again?
Solution 1
Changing your session_token will work if you're storing your sessions in cookies (default).
But if you're storing in active_record, then you can delete all the sessions by:
rake db:sessions:clear
then: BAM! no more sessions.
Solution 2
You should be able to change your session cookie name to invalidate all sessions, which lives in config/initializers/session_store.rb
YourApp::Application.config.session_store :cookie_store, key: '_change_me_session'
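Why Solutions 1 and 2 invalidate cookie-store sessions while an active_record store needs its rows deleted, as an added example (not from the original answers, and not Rails' or Devise's own code). Both classes are simplified, hypothetical models; `SignedCookieStore`, `ServerSideStore`, `clear_all` and the sample values are assumptions.

```ruby
require "openssl"
require "json"
require "securerandom"

# Simplified model of a signed cookie session store (not Rails' own code).
# The session lives in the browser; the server keeps only the signing secret.
class SignedCookieStore
  def initialize(secret:, key:)
    @secret = secret # stands in for the app's secret token
    @key = key       # cookie name, as set in session_store.rb
  end

  # Cookie jar the browser holds after login.
  def issue(session)
    payload = [JSON.generate(session)].pack("m0") # strict base64
    { @key => "#{payload}--#{sign(payload)}" }
  end

  # Session hash, or nil when the user has to log in again.
  def load(cookies)
    payload, mac = cookies[@key].to_s.split("--", 2)
    return nil if payload.nil? || mac.nil? # renamed cookie: old one is never read
    return nil unless OpenSSL.secure_compare(sign(payload), mac) # rotated secret
    JSON.parse(payload.unpack1("m0"))
  end

  private

  def sign(payload)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, payload)
  end
end

# Simplified model of a server-side store (the active_record case): the cookie
# carries only a random id, so invalidation means deleting rows on the server.
class ServerSideStore
  def initialize(key:)
    @key = key
    @rows = {}
  end

  def issue(session)
    sid = SecureRandom.hex(16)
    @rows[sid] = session
    { @key => sid }
  end

  def load(cookies)
    @rows[cookies[@key]]
  end

  def clear_all # the effect of `rake db:sessions:clear` in this model
    @rows.clear
  end
end
```

In this model the server-side store never consults a secret, so rotating one leaves existing sessions valid until the rows are cleared.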
Solution 3
Update on the accepted answer, now it is
rake tmp:clear
rake -T
...
rake tmp:create # Creates tmp directories for sessions, cache, sockets, and pids
Solution 4
If your sessions don't store any other critical information, you could clear the sessions:
rake db:sessions:clear
Solution 5
Devise has a thing called timeoutable; can you work with that?
ekochergin
Updated on November 03, 2021
Comments
-
ekochergin over 2 years
At some mystery point X with this rails app hosted on heroku, a logged in user would suddenly be logged in as another user. I am using the devise gem for authentication.
This has occurred for 2 users that we know of. I am currently tracking down what the root cause of this issue could be.
What I need to do right now is invalidate all devise sessions in order to force users to login again. After a user logs in, the problem seems to go away.
I tried resetting my secret_token but I was not forced to login again. I then scaled my web dynos down and then back up. I also restarted the app. All trying to get the secret_token change to reset the sessions.
Any other ideas?
-
kasperite about 11 years
Have you tried session timeout? It's one of Devise's modules
-
-
ekochergin about 11 years
The session store was switched to active record. So the rake:db:sessions:clear fixed the issue.
-
Mini John about 10 years
No matter how I try it, I'm getting a "don't know how to build taks".. Any suggestions?
-
Jesse Wolgamott about 10 years
@TheMiniJohn literally "taks"?
-
Zitao Xiong over 8 years
It should be
rake tmp:clear
or tmp:sessions:clear, tmp:cache:clear
-
Onichan about 8 years
This is the only solution that worked (using Heroku + Rails + Postgres)
-
Jon Kern about 7 years
Do rake -T and look for something resembling one of the above commands for your specific application.
-
fedest about 6 years
I've tried to run this but I get the error
Don't know how to build task 'db:sessions:clear'
-
jlleblanc over 5 years
Thank you! This is the answer that worked for me. I'm on Rails 4.2 with Devise and db:sessions:clear is not available as a task. It took about 5 minutes, but tmp:clear did it.
-
Jeff Davenport over 4 years
This is the only one that worked for me. Changing cookie session key did not work
-
Jeff Davenport over 4 years
This did not work for me. Had to use
rake tmp:clear;rake tmp:create
-
matiasmasca almost 3 years
In Rails 5, it was the solution for us. Only change the name of the cookie and re-start the app.