In my exit action, I do this:
reset_session
cookies.delete(:rememberme)
redirect_to root_url
But the session is not destroyed.
When I check the headers, the request sent to my logout action explicitly includes the session identifier:
Cookie: hiddenalerts=site_vrfy_124258; __utmz=REMOVED_INFO.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); elpriv=REMOVED_INFO; SESSID=b39a9a89bb6a39ea91b620fe0da392ed; __utma=REMOVED_INFO; __utmc=REMOVED_INFO; __utmb=REMOVED_INFO
But the answer only clears the cookie memme, it does not clear the session cookie:
Set-Cookie: rememberme=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
If I compare this with the same headers when I comment on the removal of the memme cookie. The request looks the same:
Cookie: hiddenalerts=site_vrfy_124258; __utmz=REMOVED_INFO.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); elpriv=REMOVED_INFO; SESSID=b39a9a89bb6a39ea91b620fe0da392ed; __utma=REMOVED_INFO; __utmc=REMOVED_INFO; __utmb=REMOVED_INFO
But the answer is more like expected (and my session is correctly destroyed):
Set-Cookie: SESSID=50640523cf32b5b0fe8c93eb16aba6dc; path=/; HttpOnly
- ? , ApplicationController cookie, , cookie , , reset_session. , cookie , , , .
, " " , .
| . . https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/6763-deleting-a-cookie-and-calling-reset_session-in-the-same-controller-action-does-not-send-new-session-cookie