chore: add expiry note for old rack/rails session bug fix

Seven year ago rails `session.keys` could be empty if the session was not loaded yet. To prevent an error the removed code was introduced https://github.com/heartcombo/devise/issues/2660 Since then rails changed the behaviour and makes sure that the session is loaded before someone wants to access any session keys 3498aacbbe Which means the `session.empty?` is not needed anymore once Rails 5.2+ and upwards only supported.
2020-11-02 18:02:36 +01:00 · 2020-11-02 18:02:36 +01:00 · b88af5d65e
parent 45b831c4ea
commit b88af5d65e
1 changed files with 2 additions and 0 deletions
--- a/lib/devise/controllers/sign_in_out.rb
+++ b/lib/devise/controllers/sign_in_out.rb
@ -106,10 +106,12 @@ module Devise
      private

      def expire_data_after_sign_in!
+        # TODO: remove once Rails 5.2+ and forward are only supported.
        # session.keys will return an empty array if the session is not yet loaded.
        # This is a bug in both Rack and Rails.
        # A call to #empty? forces the session to be loaded.
        session.empty?
+
        session.keys.grep(/^devise\./).each { |k| session.delete(k) }
      end