Skip to content
This repository has been archived by the owner on Jan 30, 2024. It is now read-only.

Don't set unique_session_id if devise.skip_session_limitable is set #96

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Don't set unique_session_id if devise.skip_session_limitable is set #96

wants to merge 2 commits into from

Conversation

aaronchi
Copy link

@aaronchi aaronchi commented Oct 8, 2014

There is currently no way to disable the setting of the unique_session_id. This adds the skip_session_limitable option to set as well as fetch

seanknox
seanknox reviewed Apr 9, 2015
View reviewed changes
lib/devise_security_extension/hooks/session_limitable.rb
@@ -3,7 +3,7 @@
# and on authentication. Retrieving the user from session (:fetch) does
# not trigger it.
Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope])
if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_session_limitable'] && !warden.request.session.key?('impersonator_id')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's quite a conditional. Can you refactor into smaller, meaningfully-named methods?

@seanknox
Copy link
Member

seanknox commented Apr 9, 2015

Could you write some tests to support your work? This project really needs 'em!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aaronchi @seanknox