Add Force All Users To Sign Out as a rails til

README.md

@@ -9,7 +9,7 @@ and pairing with smart people at Hashrocket.
 
 For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud).
 
-_911 TILs and counting..._
+_912 TILs and counting..._
 
 ---
 
@@ -547,6 +547,7 @@ _911 TILs and counting..._
 - [Demodulize A Class Name](rails/demodulize-a-class-name.md)
 - [Disambiguate Where In A Joined Relation](rails/disambiguate-where-in-a-joined-relation.md)
 - [Ensure Migrations Use The Latest Schema](rails/ensure-migrations-use-the-latest-schema.md)
+- [Force All Users To Sign Out](rails/force-all-users-to-sign-out.md)
 - [Generating And Executing SQL](rails/generating-and-executing-sql.md)
 - [Get An Array Of Values From The Database](rails/get-an-array-of-values-from-the-database.md)
 - [Get The Column Names For A Model](rails/get-the-column-names-for-a-model.md)

rails/force-all-users-to-sign-out.md

@@ -0,0 +1,23 @@
+# Force All Users To Sign Out
+
+If you are using cookie-based authentication and you want to sign out all users
+(so that they have to re-authenticate), you need to invalidate all of the
+cookies.
+
+Because the cookies live in the client's browser, you cannot simply clear them
+like you would with session-based authentication. Instead, you need to replace
+the session token used to create all those cookies.
+
+First, get a new token:
+
+```bash
+$ bundle exec rake secret
+538696c1399ff182486e09980ba915d098b8fb23a3ace42c3eea0ab51b18fdff7895cd620f32b263d10d25c2fdba16647f4d8632e9032eccef7406e1ad9cba09
+```
+
+Then, replace the current `secret_key_base` value with that new secret token
+[wherever it is
+stored](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base)
+in the production environment.
+
+[source](https://stackoverflow.com/questions/35190591/rails-4-devise-how-to-log-out-all-users)