Do not clean up CSRF on rememberable

2026-04-28 03:00:29 -04:00 · 2015-05-23 22:13:59 +02:00
parent ac4a89a511
commit 1f3638aaa5
1 changed files with 9 additions and 0 deletions
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@@ -32,6 +32,15 @@ module Devise
        end
      end

+      # No need to clean up the CSRF when using rememberable.
+      # In fact, cleaning it up here would be a bug because
+      # rememberable is triggered on GET requests which means
+      # we would render a page on first access with all csrf
+      # tokens expired.
+      def clean_up_csrf?
+        false
+      end
+
    private

      def extend_remember_me_period(resource)