
How the Clearance gem remembers and clears sessions

Ulrich Berkmueller
October 27, 2011 | Software engineer

Clearance is a gem that provides authentication functionality (e.g. login, logout). This note explains how Clearance's login, logout and (in old versions of Clearance) remember-me functionality works.

Login


Clearance defines a database column called "remember_token". When you log in, that token is saved in a cookie, so you don't have to sign in again after closing and reopening the browser.
This also means that you can be logged in in more than one browser at the same time. Also see "When sessions, cookies and Clearance tokens expire and how to change it".

Logout

When you log out in a browser, the remember_token in the database is set to a new hash value. That means all browsers that were logged in are logged out on their next request, because the cookie token and the database token no longer match.

How to log out a user / all users

To log out a user, you can set the database token to a new value (be aware that you should use a secure and salted hash) or, better, call the the_user_to_log_out.reset_remember_token! method, which does this for you.

Note: Have a look at the wiki entry describing concurrent sign in.
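The token lifecycle described above, modeled in plain Ruby as an added example (this is not Clearance's own code). User, SessionModel and the cookie hashes are hypothetical stand-ins for the model, the request handling and each browser's cookie jar; only reset_remember_token! is a name from the note, and generating the token with SecureRandom.hex is an assumption.

```ruby
require "securerandom"

# Simplified stand-in for a user record with a remember_token column.
class User
  attr_reader :email, :remember_token

  def initialize(email)
    @email = email
    reset_remember_token!
  end

  # Rotating the token invalidates every cookie holding the old value.
  # SecureRandom.hex is an assumed generator, not taken from the gem.
  def reset_remember_token!
    @remember_token = SecureRandom.hex(20)
  end
end

# Hypothetical in-memory model of the users table and cookie handling.
class SessionModel
  def initialize(users)
    @users = users
  end

  # Login: the database token is copied into this browser's cookie.
  def sign_in(user, cookies)
    cookies[:remember_token] = user.remember_token
  end

  # Each request: find the user whose database token matches the cookie.
  def current_user(cookies)
    token = cookies[:remember_token]
    return nil if token.nil? || token.empty?
    @users.find { |u| u.remember_token == token }
  end

  # Logout: rotate the database token and drop this browser's cookie.
  def sign_out(user, cookies)
    user.reset_remember_token!
    cookies.delete(:remember_token)
  end

  # Log out all users by rotating every token.
  def sign_out_all
    @users.each(&:reset_remember_token!)
  end
end
```

Signing in from two cookie hashes and signing out from one shows the behaviour from the Logout section: the second hash still holds the old token, but current_user returns nil for it.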

Posted by Ulrich Berkmueller to makandra dev (2011-10-27 09:08)