Do not clean up CSRF on rememberable

2015-05-23 22:13:59 +02:00 · 2015-05-23 22:13:59 +02:00 · 1f3638aaa5
parent ac4a89a511
commit 1f3638aaa5
1 changed files with 9 additions and 0 deletions
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@ -32,6 +32,15 @@ module Devise
        end
      end

+      # No need to clean up the CSRF when using rememberable.
+      # In fact, cleaning it up here would be a bug because
+      # rememberable is triggered on GET requests which means
+      # we would render a page on first access with all csrf
+      # tokens expired.
+      def clean_up_csrf?
+        false
+      end
+
    private

      def extend_remember_me_period(resource)