-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Omniauthable, sign out action and rememberable
By default, Devise doesn't add a sign_out route when using Omniauthable. As your user have logged in through a third-party provider, it will not be able to log out unless you add the following code and adds a link to the sign out action.
devise_scope :user do
get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
endHowever, as we're only using session, closing the browser will be enough to sign out.
You may also notice that rememberable doesn't work because we don't send the rememberable check_in on login. To enforce rememberable usage, you can add this function call to your omniauth callback controller (when @user is the resource):
remember_me(@user)You should include module Devise::Controllers::Rememberable on your controller to use it and ensure a password is always set or have a remember_token column in your model or implement your own rememberable_value in the model with custom logic.
This way, the logged in status will persist between sessions. We don't recommend doing this if you don't have a sign_out action (because people will not be able to log out, even if they close the browser).