Force All Users To Sign Out

If you are using cookie-based authentication and you want to sign out all users (so that they have to re-authenticate), you need to invalidate all of the cookies.

Because the cookies live in the client's browser, you cannot simply clear them like you would with session-based authentication. Instead, you need to replace the session token used to create all those cookies.

First, get a new token:

$ bundle exec rake secret
538696c1399ff182486e09980ba915d098b8fb23a3ace42c3eea0ab51b18fdff7895cd620f32b263d10d25c2fdba16647f4d8632e9032eccef7406e1ad9cba09

Then, replace the current secret_key_base value with that new secret token wherever it is stored in the production environment.

source

Last updated