class Devise::Strategies::Rememberable

Remember the user through the remember token. This strategy is responsible to verify whether there is a cookie with the remember token, and to recreate the user from this cookie if it exists. Must be called before authenticatable.

Public Instance Methods

authenticate!() click to toggle source

To authenticate a user we deserialize the cookie and attempt finding the record in the database. If the attempt fails, we pass to another strategy handle the authentication.

# File lib/devise/strategies/rememberable.rb, line 20
def authenticate!
  resource = mapping.to.serialize_from_cookie(*remember_cookie)

  unless resource
    cookies.delete(remember_key)
    return pass
  end

  if validate(resource)
    remember_me(resource) if extend_remember_me?(resource)
    resource.after_remembered
    success!(resource)
  end
end
clean_up_csrf?() click to toggle source

No need to clean up the CSRF when using rememberable. In fact, cleaning it up here would be a bug because rememberable is triggered on GET requests which means we would render a page on first access with all csrf tokens expired.

# File lib/devise/strategies/rememberable.rb, line 40
def clean_up_csrf?
  false
end
valid?() click to toggle source

A valid strategy for rememberable needs a remember token in the cookies.

# File lib/devise/strategies/rememberable.rb, line 12
def valid?
  @remember_cookie = nil
  remember_cookie.present?
end

Private Instance Methods

extend_remember_me?(resource) click to toggle source
# File lib/devise/strategies/rememberable.rb, line 46
def extend_remember_me?(resource)
  resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
end
remember_key() click to toggle source
# File lib/devise/strategies/rememberable.rb, line 54
def remember_key
  mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
end
remember_me?() click to toggle source
# File lib/devise/strategies/rememberable.rb, line 50
def remember_me?
  true
end