How the Clearance gem remembers and clears sessions


Clearance is a gem that provides authentication functionality (e.g. login, logout). This note explains how Clearance's login, logout and (in old versions of Clearance) "remember me" functionality works.

Login

Clearance defines a database column called "remember_token". When you log in, that token is saved in a cookie. For that reason you don't have to sign in again when you close and reopen the browser.
This also means that you can be logged in in more than a single browser. Also see "When sessions, cookies and Clearance tokens expire and how to change it".

Logout

When you log out in a browser, the remember_token in the database is set to a new hash value. That means all browsers that have been logged in are logged out immediately on their next request, because the cookie token and the database token no longer match.

How to log out a user / all users

To log out a user, you can simply set the database token to a new value (be aware that you should use a secure and salted hash) or, better, call the_user_to_log_out.reset_remember_token!, which does this for you.

Note: Have a look at the wiki entry describing concurrent sign in.
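
The mechanism described in the Login, Logout and "How to log out a user / all users" sections, as an added plain-Ruby model that is not Clearance's own code and not part of the original card. ModelUser, TokenAuth, the cookie hashes and the cookie name are hypothetical, and tokens here are random values from SecureRandom rather than a salted hash.

```ruby
require "securerandom"

# Simplified model of the mechanism (NOT Clearance's source code).
# ModelUser, TokenAuth and the cookie hashes are hypothetical names.
ModelUser = Struct.new(:email, :remember_token)

class TokenAuth
  COOKIE = "remember_token" # cookie name assumed for this model

  def initialize
    @users = {} # stands in for the users table
  end

  def add_user(email)
    @users[email] = ModelUser.new(email, new_token)
  end

  # Login: copy the user's current database token into this browser's cookies.
  def sign_in(email, cookies)
    cookies[COOKIE] = @users.fetch(email).remember_token
  end

  # Per-request check: the cookie must equal the token stored for some user.
  def current_user(cookies)
    token = cookies[COOKIE]
    return nil if token.nil? || token.empty?
    @users.values.find { |u| constant_time_eq?(u.remember_token, token) }
  end

  # Logout: rotate the stored token, which invalidates every browser's copy.
  def sign_out(email, cookies)
    cookies.delete(COOKIE)
    @users.fetch(email).remember_token = new_token
  end

  # Log out all users by rotating every stored token.
  def sign_out_everyone
    @users.each_value { |u| u.remember_token = new_token }
  end

  private

  def new_token
    SecureRandom.hex(20) # 160 bits from the OS CSPRNG
  end

  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because every browser holds a copy of the same per-user token, a cookie captured before logout stops working once the stored token is rotated, and so does every other session of that user.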

License
Source code in this card is licensed under the MIT License.
Posted by Ulrich Berkmüller to makandra dev (2011-10-27 07:08)