Closed mikker closed 5 years ago
This is breaking because it means signing out everyone after upgrading.
Perhaps there's an easy enough upgrade path of _fall back to looking up session with something like fallback_session = user.find(cookies[:user_id])&.sessions.valid.first
_
Consider that possibly breaking change then 😄
Closed by #53
When we
authenticate_by_cookie
we find the user by the saveduser_id
in the cookies. This means we don't actually know when their session expires.Instead we'll save the session.id and look up the user from that. That way we'll know if the session has expired too. We might even want to check for this on every sign-in-required request?