How to logout all login users in sorcery

Question

I am using sorcery for authentication in our site. I want to logout all login users from our site but can't find any way to logout all users.

How can I do this?

Answer 1

You can invalidate all sessions using invalidate_active_sessions!

See https://github.com/Sorcery/sorcery#session-timeout

Answer 2

1. using timeout

   # config/initializers/sorcery.rb
   Rails.application.config.sorcery.submodules = [:session_timeout]
   
   # config/initializers/sorcery.rb
   Rails.application.config.sorcery.configure do |config|
     config.session_timeout = 1 # This is in seconds.
     config.session_timeout_from_last_action = true # session timeout is calculated from the last valid activity. By default this is false.
   end
   

2. using callback

   # app/controllers/application_controller.rb
   before_action :auto_logout, if: :logged_in?
   def auto_logout
     force_forget_me!
     logout
   end
   

3. using current_users, add class method in user model

   # app/models/user.rb
   def self.get_current_users
     config = sorcery_config
   
     where("#{config.last_activity_at_attribute_name} IS NOT NULL") \
     .where("#{config.last_logout_at_attribute_name} IS NULL 
       OR #{config.last_activity_at_attribute_name} > #{config.last_logout_at_attribute_name}") \
     .where("#{config.last_activity_at_attribute_name} > ? ", config.activity_timeout.seconds.ago.utc.to_s(:db))
   end
   
   # call upper method anywhere (or console)
   User.get_current_users.each do |user|
     current_user = user
     before_logout!
     @current_user = nil
     reset_sorcery_session
     after_logout!(user)
   end
   

4. (recommend)remove session store from your disk like session_store, redis etc..and so on