From 80cbf19453bb3fe22e8d038a9631b8436320788b Mon Sep 17 00:00:00 2001
From: Rafael Barbolo <barbolo@gmail.com>
Date: Mon, 23 Apr 2018 14:50:59 -0300
Subject: [PATCH] Remove key from session by using session.delete (#31685)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Remove key from session by using session.delete

You are not deleting a key from session when you assign nil to that key.

* Update guides on how to destroy a user session

In this commit, the user id is removed from session and controller's variables related to the user are nullified.

[Rafael Mendonça França + Rafael Barbolo]
---
 guides/source/action_controller_overview.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md
index e0e85588a0..4e3319dec4 100644
--- a/guides/source/action_controller_overview.md
+++ b/guides/source/action_controller_overview.md
@@ -457,7 +457,9 @@ class LoginsController < ApplicationController
   # "Delete" a login, aka "log the user out"
   def destroy
     # Remove the user id from the session
-    @_current_user = session[:current_user_id] = nil
+    session.delete(:current_user_id)
+    # Clear the memoized current user
+    @_current_user = nil
     redirect_to root_url
   end
 end