Ask A Question

Notifications

You’re not receiving notifications from this thread.

Rails API not able to destroy session

Smit Sanghvi asked in Rails

I am using Rails API and devise for authentication but when sending a request to destroy the session, it doesn't return any response other then status 200.It returns the same response no matter if the user exists, is logged in or the password is incorrect.

url http://localhost:3000/users/sign_in

I'm sending a DELETE request through Postman and it just returns a 200 response. It should be returning the data which is stored in the @message

{
"user":{
"email":"abc@abc.com",
"password":"abc@abc.com"
}
}

I even tried to destory the session using the session id:

curl -X DELETE -d "3" http://localhost:3000/users/sign_out

sessions_controller.rb

class API::V1::SessionsController < Devise::SessionsController
def create
@user = User.find_by_email(user_params[:email])
if @user && @user.valid_password?(user_params[:password])
session[:user_id]=@user.id
sign_in :user, @user
render json: @user
elsif @user && not(@user.valid_password?(user_params[:password]))
invalid_attempt
else
no_user
end
end

def destroy
@message = "signed out"
session.delete(:user_id)
sign_out(@user)
render json: @message
end

private

def no_user
render json: {error: "An account with this email doesn't exist. Please create a new one"}, status: :unprocessable_entity
end

def invalid_attempt
render json: { error: "Your password isn't correct" }, status: :unprocessable_entity
end

def user_params
params.require(:user).permit(:email, :password)
end
end

Reply
Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 85,376+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.