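It turns out that the session ID obtained right after signing in with Devise (authentication gem) (from session[:session_id], in after_sign_in_path_for or in session_controller) is not the same as the one returned after the first redirect that follows sign-in.
Can anyone explain to me why? Is there a way to get the final session ID before the redirect?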
Answer 0 (score: 1)
FYI, answer from Gee-Bee (https://github.com/Gee-Bee):
https://github.com/plataformatec/devise/issues/3706
> Can anyone explain to me why?

I'll try. In short:
- Devise has nothing to do with it
- Warden has something to do with it: it's setting the :renew option on the session, after setting the user (proxy, spec)
- Actual action takes place in Rack::Session::Abstract#commit_session, which updates session_id (by calling destroy_session and set_session implemented in ActionDispatch::Session::CookieStore)
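Sure it is. Keep in mind that Warden changes the session_id on authentication to prevent session fixation attacks, so when overriding the Devise controller you should manually change the session_id in addition to disabling the :renew session option. Do it like this:

    session.options[:id] = session.instance_variable_get(:@by).generate_sid
    session.options[:renew] = false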
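
The mechanism described in the answer, as an added example that is not part of the original post and is not Rack, Warden or Devise code: a simplified model of a server-side session store whose commit step honours :renew. ModelStore, ModelSession, sign_in_request, the pin_id flag and the user id 42 are hypothetical names and constructed values; only the :renew/:id options, the @by instance variable and generate_sid come from the answer.

```ruby
require "securerandom"

# Simplified model of a server-side session store (not Rack's or Devise's code).
class ModelStore
  attr_reader :records

  def initialize
    @records = {} # sid => persisted session data
  end

  def generate_sid
    SecureRandom.hex(16)
  end

  # Runs after the controller action; returns the sid sent in the cookie.
  def commit_session(session)
    if session.options[:renew]
      @records.delete(session.options[:id]) # destroy_session: old id dies
      session.options[:id] = generate_sid   # fresh id used by set_session
    end
    @records[session.options[:id]] = session.data.dup # set_session
    session.options[:id]
  end
end

class ModelSession
  attr_reader :data, :options

  def initialize(store, sid)
    @by = store # same ivar name the answer reads with instance_variable_get
    @data = (store.records[sid] || {}).dup
    @options = { id: sid, renew: false }
  end
end

# One sign-in request; returns [sid seen in the action, sid sent in the cookie].
def sign_in_request(store, sid, pin_id:)
  session = ModelSession.new(store, sid)
  session.data[:user_id] = 42    # constructed user id
  session.options[:renew] = true # what Warden does after setting the user
  if pin_id # the answer's two-line workaround
    session.options[:id] = session.instance_variable_get(:@by).generate_sid
    session.options[:renew] = false
  end
  [session.options[:id], store.commit_session(session)]
end

store = ModelStore.new
p sign_in_request(store, store.generate_sid, pin_id: false) # two different ids
p sign_in_request(store, store.generate_sid, pin_id: true)  # same id twice
```

In both runs the pre-login id never ends up holding the authenticated session, which is the property the renewal exists to protect; the workaround keeps it only because it generates a new id before turning :renew off.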