Class: RemoveSession

Inherits:
Object
  • Object
Defined in:
app/middleware/remove_session.rb

Constant Summary

SET_COOKIE = 'Set-Cookie'

Instance Method Summary

Constructor Details

#initialize(app) ⇒ RemoveSession

Returns a new instance of RemoveSession.



# File 'app/middleware/remove_session.rb', line 6

# Wraps the next Rack application in the middleware stack.
#
# @param app [#call] downstream Rack app; #call delegates to it first and
#   then post-processes the response headers it returns
def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'app/middleware/remove_session.rb', line 10

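# Rack entry point. Runs the wrapped app, then strips the session cookie from
# the response's Set-Cookie header for requests that do not need a session,
# and expires the session cookie when the user signs out.
#
# @param env [Hash] Rack environment; reads 'PATH_INFO' and 'rack.session'
# @return [Array] the [status, headers, body] triplet from the wrapped app,
#   with the Set-Cookie header possibly rewritten
def call(env)
  status, headers, body = @app.call(env)

  path = env['PATH_INFO']
  # Read after the app has run, so a session created by this very request
  # (e.g. a successful login) is visible here.
  user_key = env['rack.session'].try(:[], 'warden.user.user.key')

  # Don't delete the session cookie if:
  #   - We're in the process of logging in (breaks CSRF for sign in form)
  #   - We're logged in (needed for Devise)
  #   - The response sets no cookie at all (nothing to strip)
  #
  # Anchor with \A, not ^: in Ruby ^ matches after any newline, so a
  # PATH_INFO carrying an embedded newline (possible if the server hands over
  # a percent-decoded path) would be treated as a /users path and keep its
  # session cookie.
  # NOTE(review): this is a prefix match, so it also covers any path that
  # merely begins with "/users" (no following "/") - confirm that is intended.
  skip_delete = (
    path =~ %r{\A/users} ||
    user_key.present? ||
    headers[SET_COOKIE].blank?
  )

  signing_out = path == '/users/sign_out'

  unless skip_delete
    # Delete ONLY the session cookie.
    headers[SET_COOKIE] = without_session_cookie(headers[SET_COOKIE])
  end

  if signing_out
    # Clear out the session cookie so the browser won't send it again.
    # NOTE(review): the expiry is issued for path '/' with no domain; it only
    # takes effect if the session cookie was set with the same attributes -
    # confirm against the session store configuration.
    Rack::Utils.delete_cookie_header!(headers, session_key, path: '/')
  end

  [status, headers, body]
end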