2

I'm using Rails 3.2.11 with Devise 2.2.3 for a subscription service application. I inherited the app from another developer who is no longer available. I am new to Rails and Devise.

I want to allow a single user (email) to have more than one session to the same app, running concurrently. The sessions may all have the same IP address or different IP addresses, though probably different devices -- desktop, laptop, table, smart phone.

I want to treat each session independently, so the user can sign on and off one session without affecting any work in progress on another session.

Question: Does devise support multiple concurrent sessions normally? Do I have to customize any code or config?

When I look at the User model, I see single attributes for "current_sign_in_at", "current_sign_in_ip" and "authentication_token" -- this makes me think a single User can only have one session at a time.

I've looked at this discussion and at the devise wiki but haven't found an answer.

Community
  • 1
  • 1
Bryan Watson
  • 80
  • 1
  • 2
  • 9

1 Answers1

2

Yes, devise allows multiple concurrent sessions for same users by default. Then, if you want restrict this behavior, you need to use some extension like: devise_security_extension

I'm using Rails 3.2.17 with Devise 3.2.2

enrique-carbonell
  • 5,836
  • 3
  • 30
  • 44
  • Thanks. Is there a way to identify a user's sessions (from within or without a Rails app), as an administrative function? That is, how do I answer the questions: Who is signed in? and How many sessions does a user have? – Bryan Watson May 03 '14 at 17:17
  • well...if you need know current users authenticated, you can take an consideration a user's column as for example: "current_singing_ip", but not exist available information to identify how many sessions does user have. Because by default, Rails uses a CookieStore to handle sessions. What it means is that all the informations needed to identify a user's session is sent to the client and nothing is stored on the server. Look at: http://pothibo.com/2013/09/sessions-and-cookies-in-ruby-on-rails – enrique-carbonell May 07 '14 at 12:59
  • you can change session storage to control session_id (Look at: http://pothibo.com/2013/09/sessions-and-cookies-in-ruby-on-rails). Then you know how many sessions per users. – enrique-carbonell May 07 '14 at 13:09