I use Devise with several areas (in this case, with a user area and an administration area), and administrators can "become" a user using the Wiki approach to the wiki. This works well, except that I have one specific page that requires the use of the auth token, which causes a problem with the session registered both in the user area and in the admin panel. The page generates a POST for the controller, which requires the user to register using the user authentication token. POST succeeds, but then, the authority was written out. (Does this mean that admin_signed_in? Returns false.) Other pages that perform POST on the same controller without requiring an authentication token work as expected without leaving the administration area.
I suspect something is happening with token_authenticatable, where authentication of any areas other than that associated with this particular token ends. I looked for links in the gem source for both developing sign_out labels and logging out of the surveillance system, which could be called as part of the token_authenticatable functions and were not able to find anything.
This happens with Devise 1.3.4. Any help is appreciated.
source
share