Module: Devise::Models::SessionLimitable

Extended by:
ActiveSupport::Concern
Includes:
Compatibility
Defined in:
lib/devise-security/models/session_limitable.rb

Overview

SessionLimited ensures, that there is only one session usable per account at once. If someone logs in, and some other is logging in with the same credentials, the session from the first one is invalidated and not usable anymore. The first one is redirected to the sign page with a message, telling that someone used his credentials to sign in.

Instance Method Summary collapse

Instance Method Details

#skip_session_limitable?Boolean, false

Should session_limitable be skipped for this instance?

Returns:

  • (Boolean)
  • (false)

    by default. This can be overridden by application logic as necessary.


33
34
35
# File 'lib/devise-security/models/session_limitable.rb', line 33

def skip_session_limitable?
  false
end

#update_unique_session_id!(unique_session_id) ⇒ void

This method returns an undefined value.

Update the unique_session_id on the model. This will be checked in the Warden after_set_user hook in session_limitable

Parameters:

  • unique_session_id (String)

Raises:


22
23
24
25
26
27
28
# File 'lib/devise-security/models/session_limitable.rb', line 22

def update_unique_session_id!(unique_session_id)
  raise Devise::Models::Compatibility::NotPersistedError, 'cannot update a new record' unless persisted?

  update_attribute_without_validatons_or_callbacks(:unique_session_id, unique_session_id).tap do
    Rails.logger.debug { "[devise-security][session_limitable] unique_session_id=#{unique_session_id}" }
  end
end