From 1f3638aaa5cb2a26b65e0a8eab04a1571deed96c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Sat, 23 May 2015 22:13:59 +0200
Subject: [PATCH] Do not clean up CSRF on rememberable

---
 lib/devise/strategies/rememberable.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb
index b1f0dadd..fcc76ea5 100644
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@@ -32,6 +32,15 @@ module Devise
 end
 end
 
+ # No need to clean up the CSRF when using rememberable.
+ # In fact, cleaning it up here would be a bug because
+ # rememberable is triggered on GET requests which means
+ # we would render a page on first access with all csrf
+ # tokens expired.
+ def clean_up_csrf?
+ false
+ end
+
 private
 
 def extend_remember_me_period(resource)
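Review bot: The comment above `clean_up_csrf?` gives the usability reason for returning false but not the security consequence: a session signed in through the remember-me cookie keeps the CSRF token it had before authentication. If token cleanup on sign-in is the project's defence against CSRF token fixation (the caller of this hook is not visible in the hunk), that defence does not cover this path, and the comment should say so, e.g. `# Trade-off: the pre-authentication CSRF token survives a remember-me sign in.` The diffstat lists only this one file, so nothing pins the behaviour; a test asserting that the token is unchanged after a remember-me GET and still rotated after a form sign-in would guard against regressions. The enclosing class and module begin outside the hunk.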