twilio / authy-devise

Authy Devise plugin to add Two-Factor Authentication
MIT License

remember_device on logout #163

Closed GeekOnCoffee closed 2 years ago

GeekOnCoffee commented 2 years ago

When I log out and log back in, it is forcing me to auth again; is that an issue with my implementation (we've got a bit of an unusual devise setup), or is that working as intended?

philnash commented 2 years ago

It's been a while since I've been in the code for this project, but after a quick look around I don't believe this plugin touches the sign out process and leaves it all to devise. That resets the session, but leaves cookies in place.

I just tested this in the example app and the remember_device cookie did remain after sign out.

Does your app/devise setup do things with cookies during sign out?

GeekOnCoffee commented 2 years ago

Interestingly the cookie is there, but the session variable isn't getting set; I think that gives me enough to go on, thanks!

philnash commented 2 years ago

Remembering the device shouldn't require anything in the session, it's a signed cookie. You can see what it's checking for here: https://github.com/twilio/authy-devise/blob/4d2ee10bac9a265d6c907e6295b3c5e7688ffd81/lib/devise-authy/controllers/helpers.rb#L25-L36.

GeekOnCoffee commented 2 years ago

Correct, but my custom code was looking for the session variable

On Thu, Dec 16, 2021, 10:22 PM Phil Nash @.***> wrote:

Remembering the device shouldn't require anything in the session, it's a signed cookie. You can see what it's checking for here: https://github.com/twilio/authy-devise/blob/4d2ee10bac9a265d6c907e6295b3c5e7688ffd81/lib/devise-authy/controllers/helpers.rb#L25-L36 .

philnash commented 2 years ago

Ok, as long as you know what you're looking for now! Let me know if there's anything else I can help with.
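
The difference discussed in this thread, as an added example that is not code from the thread or from authy-devise: a remember-device check keyed on a session flag fails after sign-out, while one keyed on a signed cookie does not. The HMAC helper stands in for Rails' `cookies.signed`; the `device_remembered` flag, the payload fields `id` and `issued_at`, the secret and the 30-day window are assumptions made for the illustration.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret"  # constructed; a Rails app derives this from secret_key_base
REMEMBER_FOR = 30 * 24 * 3600       # assumed remember window (30 days), in seconds

def secure_equal?(a, b)             # constant-time comparison of two MAC strings
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for cookies.signed[...] = value: hex-encoded JSON plus an HMAC-SHA256 tag.
def sign(payload)
  data = JSON.generate(payload).unpack1("H*")
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)}"
end

# Returns the payload, or nil when the cookie is missing, malformed or tampered with.
def verify(value)
  data, mac = value.to_s.split("--", 2)
  return nil if data.nil? || mac.nil?
  return nil unless secure_equal?(mac, OpenSSL::HMAC.hexdigest("SHA256", SECRET, data))
  JSON.parse([data].pack("H*").force_encoding("UTF-8"))
rescue JSON::ParserError
  nil
end

# Hypothetical custom check keyed on a session flag: lost whenever the session is reset.
def require_token_by_session?(session)
  !session[:device_remembered]
end

# Check keyed only on the signed cookie, the signed-in user's id and the clock.
def require_token_by_cookie?(cookies, user_id, now = Time.now.to_i)
  payload = verify(cookies["remember_device"])
  return true if payload.nil?                 # no valid cookie: ask for the token
  return true if payload["id"] != user_id     # cookie was issued to a different user
  now - payload["issued_at"].to_i > REMEMBER_FOR
end

# Constructed scenario: 2FA login, sign-out (session reset, cookies kept), password login.
def simulate_logout_login(user_id)
  cookies = { "remember_device" => sign({ "id" => user_id, "issued_at" => Time.now.to_i }) }
  session = {}                                # state after sign-out
  { session_check: require_token_by_session?(session),
    cookie_check: require_token_by_cookie?(cookies, user_id) }
end
```

Binding the cookie to a user id and an issue time keeps a remembered device from skipping the second factor for another account or past the remember window.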