by spect88
1822 days ago
> How does Devise handle 'revoke all sessions for this user'?

The cookie has both user id and a special token which IIRC is a substring of the user's password salt. Retrieving current user from cookie includes not only looking up by id, but also verifying the salt. So if you change the password, the salt is also changed and all the old sessions will stop working.
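
The check described in the comment above, as an added example that is not part of the original comment and not Devise's own code: a minimal Ruby model in which the session carries the user id plus a substring of the password salt. The `User` and `SessionStore` classes, the 16-character token length and the PBKDF2 hasher are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical model of a user record; names are illustrative only.
class User
  attr_reader :id, :salt, :password_digest

  def initialize(id, password)
    @id = id
    self.password = password
  end

  # Every password change draws a fresh random salt, which is what
  # invalidates previously issued sessions.
  def password=(new_password)
    @salt = SecureRandom.hex(16)
    @password_digest = OpenSSL::KDF.pbkdf2_hmac(
      new_password, salt: @salt, iterations: 100_000, length: 32, hash: "sha256"
    ).unpack1("H*")
  end

  # Value stored in the session: a substring of the salt, never the digest.
  def session_token
    salt[0, 16]
  end
end

class SessionStore
  def initialize(users)
    @users = users.to_h { |u| [u.id, u] }
  end

  # Payload placed in the (signed or encrypted) session cookie at login.
  def serialize(user)
    [user.id, user.session_token]
  end

  # Lookup by id alone is not enough: the token must match the current salt.
  def current_user(cookie)
    id, token = cookie
    user = @users[id]
    return nil unless user && token.is_a?(String)
    expected = user.session_token
    return nil unless token.bytesize == expected.bytesize
    # Constant-time comparison of the two equal-length tokens.
    diff = token.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    diff.zero? ? user : nil
  end
end
```

A session cookie captured before the password change fails the token comparison afterwards, so every old session is rejected without keeping any server-side session list.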