diff --git a/README.md b/README.md index afe6f94..c3c2598 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ and pairing with smart people at Hashrocket. For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud). -_911 TILs and counting..._ +_912 TILs and counting..._ --- @@ -547,6 +547,7 @@ _911 TILs and counting..._ - [Demodulize A Class Name](rails/demodulize-a-class-name.md) - [Disambiguate Where In A Joined Relation](rails/disambiguate-where-in-a-joined-relation.md) - [Ensure Migrations Use The Latest Schema](rails/ensure-migrations-use-the-latest-schema.md) +- [Force All Users To Sign Out](rails/force-all-users-to-sign-out.md) - [Generating And Executing SQL](rails/generating-and-executing-sql.md) - [Get An Array Of Values From The Database](rails/get-an-array-of-values-from-the-database.md) - [Get The Column Names For A Model](rails/get-the-column-names-for-a-model.md) diff --git a/rails/force-all-users-to-sign-out.md b/rails/force-all-users-to-sign-out.md new file mode 100644 index 0000000..72477fa --- /dev/null +++ b/rails/force-all-users-to-sign-out.md 
@@ -0,0 +1,23 @@ +# Force All Users To Sign Out + +If you are using cookie-based authentication and you want to sign out all users +(so that they have to re-authenticate), you need to invalidate all of the +cookies. + +Because the cookies live in the client's browser, you cannot simply clear them +like you would with session-based authentication. Instead, you need to replace +the session token used to create all those cookies. + +First, get a new token: + +```bash +$ bundle exec rake secret +538696c1399ff182486e09980ba915d098b8fb23a3ace42c3eea0ab51b18fdff7895cd620f32b263d10d25c2fdba16647f4d8632e9032eccef7406e1ad9cba09 +``` + +Then, replace the current `secret_key_base` value with that new secret token +[wherever it is +stored](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base) +in the production environment. + +[source](https://stackoverflow.com/questions/35190591/rails-4-devise-how-to-log-out-all-users)
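Review bot: In the `bundle exec rake secret` block of rails/force-all-users-to-sign-out.md, the sample output is a full 128-character hex value that reads as a usable key. Replace it with an obvious placeholder such as `<new 128-character hex secret>` so that nobody pastes the published value into `secret_key_base`. The closing paragraph should also state that the application has to be restarted or redeployed to pick up the new value, and that replacing `secret_key_base` invalidates every signed or encrypted cookie the app has issued, not only the sign-in session, so the reader knows the full effect before doing this in production.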