
Disclaimer: I am a relatively novice RoR developer.

My Rails 4 web app supports a RESTful API. I am using Devise, and the API authenticates with basic auth without any use of keys/tokens (so basic auth must be used on each request). It works fine, except for this: if you are logged out and hit the API in the browser, it stores a session, so then if you go back to the web app, you are logged in. This is not the behavior I want. The user should be redirected to the sign-in page when they hit the API and then hit the web app (unless they were already logged in to begin with). So how do I prevent Devise from storing a session when basic auth is used?

Relevant code: In the application controller I have:

before_action :authenticate_user!

And in devise.rb I have:

config.http_authenticatable = true
tstrass
  • I found this question that may be helpful to you: http://stackoverflow.com/questions/5435494/rails-3-disabling-session-cookies. Essentially, it looks like you'll need to configure the middleware. – Jun 16 '16 at 17:59

1 Answer


Try this:

before_filter :authenticate_user!, except: [("whatever actions you want the user to see without being logged in")]
Tunaki
J.Danely
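The behaviour described in the question can be checked from captured traffic: a request that authenticates with `Authorization: Basic` should not come back with the app's session cookie. The following is an added example, not code from the question or the answer; the cookie name `_myapp_session`, the paths and all sample exchanges are constructed assumptions.

```ruby
# Added example (not from the question or answer): flag exchanges where a
# Basic-auth request was answered with a session cookie.
SESSION_COOKIE = "_myapp_session" # assumed name; Rails defaults to _<app>_session

# Split a raw header block into [start_line, {lowercased name => [values]}].
def parse_head(raw)
  lines = raw.strip.split(/\r?\n/)
  headers = Hash.new { |h, k| h[k] = [] }
  lines.drop(1).each do |line|
    name, value = line.split(":", 2)
    next if value.nil?
    headers[name.strip.downcase] << value.strip
  end
  [lines.first.to_s, headers]
end

# Names of the cookies a response sets; Set-Cookie may repeat.
def cookies_set(headers)
  headers["set-cookie"].map { |v| v[/\A[^=;]+/].to_s.strip }
end

def basic_auth?(headers)
  headers["authorization"].any? { |v| v.match?(/\Abasic\s+\S+/i) }
end

# Request lines of exchanges where Basic auth came back with the session cookie.
def basic_auth_session_leaks(exchanges, cookie_name = SESSION_COOKIE)
  exchanges.each_with_object([]) do |(raw_req, raw_res), leaks|
    req_line, req_headers = parse_head(raw_req)
    _status, res_headers = parse_head(raw_res)
    next unless basic_auth?(req_headers)
    leaks << req_line if cookies_set(res_headers).include?(cookie_name)
  end
end

# Constructed sample traffic (hosts, paths and values are placeholders).
SAMPLE = [
  ["GET /api/widgets HTTP/1.1\nAuthorization: Basic PLACEHOLDER\n",
   "HTTP/1.1 200 OK\nSet-Cookie: _myapp_session=PLACEHOLDER; path=/; HttpOnly\n"],
  ["GET /api/orders HTTP/1.1\nauthorization: basic PLACEHOLDER\n",
   "HTTP/1.1 200 OK\nSet-Cookie: locale=en; path=/\n"],
  ["POST /users/sign_in HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\n",
   "HTTP/1.1 302 Found\nSet-Cookie: _myapp_session=PLACEHOLDER; path=/; HttpOnly\n"]
].freeze

puts basic_auth_session_leaks(SAMPLE)
```

Devise's `config.skip_session_storage` initializer option (for example `[:http_auth]`) is the setting that governs whether HTTP-auth sign-ins are written to the session. A session cookie on its own does not prove the user is signed in, so treat each flagged exchange as something to review rather than a confirmed leak.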