Logout users with devise gem rails

Question

In admin section, I'm showing a list of currently logged in users. Now admin can select one or more user/users and destroy their session(logout them). I'm not able to figure where to start from,please help me.

score 5 · Accepted Answer · answered Apr 24 '13 at 14:56

5

You can use the sign_out method in the controller action by passing in the user object:

# Make sure only admins can do this
def sign_out_user
    @user = User.find(params[:id])    
    sign_out @user  
end

More info here:

http://rubydoc.info/github/plataformatec/devise/master/Devise/TestHelpers%3asign_out

answered Apr 24 '13 at 14:56

AlexBrand

11,971
20
87
132

Is it necessary to use user controller or any controller will do? – Sachin Prasad Apr 24 '13 at 14:58
I would create a specific action for admin users to use. I'll update my answer. – AlexBrand Apr 24 '13 at 14:59
This would allow you to logout a specific user – AlexBrand Apr 24 '13 at 15:02
Its logging out the admin instead of the user – Sachin Prasad Apr 24 '13 at 19:00
Are you setting the @user variable to the selected user or the admin user? – AlexBrand Apr 24 '13 at 19:50
I'm giving user object to sign_out I also tried abort @user.to_yaml and it was user data but its logging out the admin. – Sachin Prasad Apr 25 '13 at 05:04

score 1 · Answer 2 · answered Apr 24 '13 at 14:57

1

Considering users is the collection of your required users,

for user in users
  sign_out user
end

It should solve your issue.

Hope it helps :)

answered Apr 24 '13 at 14:57

Prem

5,844
3
25
23

Its logging out the admin instead of the user. – Sachin Prasad Apr 24 '13 at 19:04
Did you verify the 'users' collection? it could be, admin objects sent in 'users' collection. – Prem Apr 25 '13 at 03:28
I'm giving user object to sign_out I also tried abort @user.to_yaml and it was user data but its logging out the admin – Sachin Prasad Apr 25 '13 at 05:05
See my answer for more details, but passing a user to sign_out will just logout everyone in the :user scope, as if you'd called `sign_out(:user)`. – Jaime Bellmyer Jan 06 '16 at 22:13

score 0 · Answer 3 · answered Jan 06 '16 at 22:12

The sign_out method provided by Devise won't help. I know the documentation says that it will logout the "resource" you requested, but if you dig into the gems themselves (devise and warden) you'll find that when you give it an object, like a user, it merely figures out what scope (ie, :user) that object belongs to, and it logs out that entire scope.

A scope in Devise is a namespace for logins. You might have a Customer model that requires logins, but also a Vendor model that also requires logins, and you'd use different scopes for those. Most applications only use a single scope, tied to the User model.

You're probably using :cookie_store for your session storage, which is the Rails default. In this case, it isn't possible to log out any single user except yourself. Devise stores your login info in the session, which is stored in a cookie, and not in your database. Their browser has the credentials, so you can't directly remove that.

Logout users with devise gem rails

3 Answers3

Linked