using devise and devise_token_auth will always generate devise session token, also when support is set to false

[mithom]

my application is in the situation where there is a login with sessions for railsAdming acces, Almost everything else uses devise_token_auth. I do not want to create session cookies since it will be a backend for mobile applications, but i cannot set the session_store :disabled since this will break the session for railsAdmin.

When you put the support for legacy_devise to false, the session cookie is still generated and set, but is silently ignored. Shouldn't the default behaviour be that if you do not enable the legacy support, no session cookies are created since this is the whole point of using tokens to start with?

I used different namespaces (api for token_auth) and different controllers to avoid the cookie login, but I try to find a way to get rid of the unnecessary cookies.

[zachfeldman]

Hi there @mithom ,

In an effort to cleanup this project and prioritize a bit, we're marking issues that haven't had any activity in a while with a "close-in-7-days" label. If we don't hear from you in about a week, we'll be closing this issue. Obviously feel free to re-open it at any time if it's the right time or this was done in error!

If you are still having the issue (especially if it's a bug report) please refer to our new Issue Template to provide some more details to help us solve it.

Hope all is well.

[mithom]

this problem still exists, but as I limited the the normal devise login to admin only for now, this is no issue for my specific project. I will update the issue with the template in one of the next days

[zachfeldman]

Awesome thanks @mithom ! We'd appreciate more info