ruby-on-rails – 随机设计注销问题

概述我有一个Rails 4电子商务应用程序,我正在使用Devise进行用户身份验证. 我也使用ActiveAdmin,它也使用Devise进行身份验证. 我遇到的问题是我随机登陆.几乎看起来会话被破坏了,但会话cookie保持不变.我尝试删除Devise skip_session_storage选项,但没有骰子. 我使用：dalli_store在memcached中存储会话. 我的devise.rb看 我有一个Rails 4电子商务应用程序,我正在使用Devise进行用户身份验证.

我也使用Activeadmin,它也使用Devise进行身份验证.

我遇到的问题是我随机登陆.几乎看起来会话被破坏了,但会话cookie保持不变.我尝试删除Devise skip_session_storage选项,但没有骰子.

我使用：dalli_store在memcached中存储会话.

我的devise.rb看起来像：

# require 'devise-encryptable'# Use this hook to configure devise mailer,warden hooks and so forth.# Many of these configuration options can be set straight in your model.Devise.setup do |config|  # The secret key used by Devise. Devise uses this key to generate  # random tokens. Changing this key will render invalID all existing  # confirmation,reset password and unlock tokens in the database.  config.secret_key = '<secret_key>'  # ==> Mailer Configuration  # Configure the e-mail address which will be shown in Devise::Mailer,# note that it will be overwritten if you use your own mailer class  # with default "from" parameter.  # Todo:  config.mailer_sender = 'noreply@example.com'  # Configure the class responsible to send e-mails.  config.mailer = 'Store::UserMailer'  # ==> ORM configuration  # Load and configure the ORM. Supports :active_record (default) and  # :mongoID (bson_ext recommended) by default. Other ORMs may be  # available as additional gems.  require 'devise/orm/active_record'  # ==> Configuration for any authentication mechanism  # Configure which keys are used when authenticating a user. The default is  # just :email. You can configure it to use [:username,:subdomain],so for  # authenticating a user,both parameters are required. Remember that those  # parameters are used only when authenticating and not when retrIEving from  # session. If you need permissions,you should implement that in a before filter.  # You can also supply a hash where the value is a boolean determining whether  # or not authentication should be aborted when the value is not present.  # config.authentication_keys = [ :email ]  # Configure parameters from the request object used for authentication. Each entry  # given should be a request method and it will automatically be passed to the  # find_for_authentication method and consIDered in your model lookup. For instance,# if you set :request_keys to [:subdomain],:subdomain will be used on authentication.  # The same consIDerations mentioned for authentication_keys also apply to request_keys.  # config.request_keys = []  # Configure which authentication keys should be case-insensitive.  # These keys will be downcased upon creating or modifying a user and when used  # to authenticate or find a user. Default is :email.  config.case_insensitive_keys = [ :email ]  # Configure which authentication keys should have whitespace stripped.  # These keys will have whitespace before and after removed upon creating or  # modifying a user and when used to authenticate or find a user. Default is :email.  config.strip_whitespace_keys = [ :email ]  # Tell if authentication through request.params is enabled. True by default.  # It can be set to an array that will enable params authentication only for the  # given strategIEs,for example,`config.params_authenticatable = [:database]` will  # enable it only for database (email + password) authentication.  # config.params_authenticatable = true  # Tell if authentication through http Auth is enabled. False by default.  # It can be set to an array that will enable http authentication only for the  # given strategIEs,`config.http_authenticatable = [:token]` will  # enable it only for token authentication. The supported strategIEs are:  # :database      = Support basic authentication with authentication key + password  # :token         = Support basic authentication with token authentication key  # :token_options = Support token authentication with options as defined in  #                  http://API.rubyonrails.org/classes/ActionController/httpAuthentication/Token.HTML  # config.http_authenticatable = false  # If http headers should be returned for AJAX requests. True by default.  config.http_authenticatable_on_xhr = false  # The realm used in http Basic Authentication. 'Application' by default.  # config.http_authentication_realm = 'Application'  # It will change confirmation,password recovery and other workflows  # to behave the same regardless if the e-mail provIDed was right or wrong.  # Does not affect registerable.  # config.paranoID = true  # By default Devise will store the user in session. You can skip storage for  # :http_auth and :token_auth by adding those symbols to the array below.  # Notice that if you are skipPing storage for all authentication paths,you  # may want to disable generating routes to Devise's sessions controller by  # passing :skip => :sessions to `devise_for` in your config/routes.rb  # config.skip_session_storage = [:http_auth]  # By default,Devise cleans up the CSRF token on authentication to  # avoID CSRF token fixation attacks. This means that,when using AJAX  # requests for sign in and sign up,you need to get a new CSRF token  # from the server. You can disable this option at your own risk.  config.clean_up_csrf_token_on_authentication = true  # ==> Configuration for :database_authenticatable  # For bcrypt,this is the cost for hashing the password and defaults to 10. If  # using other encryptors,it sets how many times you want the password re-encrypted.  #  # limiting the stretches to just one in testing will increase the performance of  # your test suite dramatically. However,it is STRONGLY RECOMMENDED to not use  # a value less than 10 in other environments.  config.stretches = Rails.env.test? ? 1 : 10  # Setup a pepper to generate the encrypted password.  config.pepper = '<pepper_value>'  # ==> Configuration for :confirmable  # A period that the user is allowed to access the website even without  # confirming his account. For instance,if set to 2.days,the user will be  # able to access the website for two days without confirming his account,# access will be blocked just in the third day. Default is 0.days,meaning  # the user cannot access the website without confirming his account.  # config.allow_unconfirmed_access_for = 2.days  # A period that the user is allowed to confirm their account before their  # token becomes invalID. For example,if set to 3.days,the user can confirm  # their account within 3 days after the mail was sent,but on the fourth day  # their account can't be confirmed with the token any more.  # Default is nil,meaning there is no restriction on how long a user can take  # before confirming their account.  # config.confirm_within = 3.days  # If true,requires any email changes to be confirmed (exactly the same way as  # initial account confirmation) to be applIEd. Requires additional unconfirmed_email  # db fIEld (see migrations). Until confirmed new email is stored in  # unconfirmed email column,and copIEd to email column on successful confirmation.  config.reconfirmable = false  # defines which key will be used when confirming an account  # config.confirmation_keys = [ :email ]  # ==> Configuration for :rememberable  # The time the user will be remembered without asking for credentials again.  # config.remember_for = 2.weeks  # If true,extends the user's remember period when remembered via cookie.  # config.extend_remember_period = false  # Options to be passed to the created cookie. For instance,you can set  # :secure => true in order to force SSL only cookies.  # config.rememberable_options = {}  # ==> Configuration for :valIDatable  # Range for password length. Default is 8..128.  config.password_length = 8..128  # Email regex used to valIDate email formats. It simply asserts that  # one (and only one) @ exists in the given string. This is mainly  # to give user Feedback and not to assert the e-mail valIDity.  # config.email_regexp = /\A[^@]+@[^@]+\z/  # ==> Configuration for :timeoutable  # The time you want to timeout the user session without activity. After this  # time the user will be asked for credentials again. Default is 30 minutes.  # config.timeout_in = 30.minutes  # If true,expires auth token on session timeout.  # config.expire_auth_token_on_timeout = false  # ==> Configuration for :lockable  # defines which strategy will be used to lock an account.  # :Failed_attempts = Locks an account after a number of Failed attempts to sign in.  # :none            = No lock strategy. You should handle locking by yourself.  # config.lock_strategy = :Failed_attempts  # defines which key will be used when locking and unlocking an account  config.unlock_keys = [ :email ]  # defines which strategy will be used to unlock an account.  # :email = Sends an unlock link to the user email  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)  # :both  = Enables both strategIEs  # :none  = No unlock strategy. You should handle unlocking by yourself.  config.unlock_strategy = :both  # Number of authentication trIEs before locking an account if lock_strategy  # is Failed attempts.  config.maximum_attempts = 20  # Time interval to unlock the account if :time is enabled as unlock_strategy.  # config.unlock_in = 1.hour  # ==> Configuration for :recoverable  #  # defines which key will be used when recovering the password for an account  # config.reset_password_keys = [ :email ]  # Time interval you can reset your password with a reset password key.  # Don't put a too small interval or your users won't have the time to  # change their passwords.  config.reset_password_within = 6.hours  # ==> Configuration for :encryptable  # Allow you to use another encryption algorithm besIDes bcrypt (default). You can use  # :sha1,:sha512 or encryptors from others authentication tools as :clearance_sha1,# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)  # and :restful_authentication_sha1 (then you should set stretches to 10,and copy  # REST_AUTH_SITE_KEY to pepper).  #  # Require the `devise-encryptable` gem when using anything other than bcrypt  # config.encryptor = :sha512  # ==> Configuration for :token_authenticatable  # defines name of the authentication token params key  config.token_authentication_key = :auth_token  # ==> Scopes configuration  # Turn scoped vIEws on. Before rendering "sessions/new",it will first check for  # "users/sessions/new". It's turned off by default because it's slower if you  # are using only default vIEws.  config.scoped_vIEws = false  # Configure the default scope given to Warden. By default it's the first  # devise role declared in your routes (usually :user).  # config.default_scope = :user  # Set this configuration to false if you want /users/sign_out to sign out  # only the current scope. By default,Devise signs out all scopes.  config.sign_out_all_scopes = false  # ==> Navigation configuration  # Lists the formats that should be treated as navigational. Formats like  # :HTML,should redirect to the sign in page when the user does not have  # access,but formats like :xml or :Json,should return 401.  #  # If you have any extra navigational formats,like :iphone or :mobile,you  # should add them to the navigational formats Lists.  #  # The "*/*" below is required to match Internet Explorer requests.  config.navigational_formats = ['*/*',:Json,:HTML]  DeviseController.respond_to :HTML,:Json  # The default http method used to sign out a resource. Default is :delete.  config.sign_out_via = :delete  # ==> OmniAuth  # Add a new OmniAuth provIDer. Check the wiki for more information on setting  # up on your models and hooks.  # config.omniauth :github,'APP_ID','APP_SECRET',:scope => 'user,public_repo'  # ==> Warden configuration  # If you want to use other strategIEs,that are not supported by Devise,or  # change the failure app,you can configure them insIDe the config.warden block.  #  config.warden do |manager|    manager.failure_app = ::FailureApp  end  # ==> Mountable engine configurations  # When using Devise insIDe an engine,let's call it `MyEngine`,and this engine  # is mountable,there are some extra configurations to be taken into account.  # The following options are available,assuming the engine is mounted as:  #  #     mount MyEngine,at: '/my_engine'  #  # The router that invoked `devise_for`,in the example above,would be:  # config.router_name = :store  #  # When using omniauth,Devise cannot automatically set Omniauth path,# so you need to do it manually. For the users scope,it would be:  # config.omniauth_path_prefix = '/my_engine/users/auth'end

和User.rb：

module Store  class User < DataModels::User    devise :confirmable,:rememberable,:async,:database_authenticatable,:registerable,:recoverable,:valIDatable    valIDates :firstname,:lastname,presence: true,allow_blank: false,allow_nil: false    belongs_to :group,touch: true    belongs_to :shipPing,class_name: "Address"    belongs_to :billing,class_name: "Address"    has_many :sales,as: :saleable    has_many :orders    # Rest removed for brevity  endend

有什么指针吗？我花了一整天搜索和挖掘Devise和Warden的源代码,但无济于事.

解决方法 一些事情：

>您使用的是哪个版本的Activeadmin？
> async devise选项有什么作用？
>你的Warden :: FailureApp的来源是什么？

你确定它实际上是Devise登出你而不是Activeadmin没有授权你通过CanCan或你自己的自定义：authorization_adapter？这似乎不太可能是断断续续的,但通过配置AA在ApplicationController中使用您自己的方法可以很容易地检查,这样您就可以检查异常,当前用户以及发生时通过Pry的所有内容.

总结

以上是内存溢出为你收集整理的ruby-on-rails – 随机设计注销问题全部内容，希望文章能够帮你解决ruby-on-rails – 随机设计注销问题所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。