Expired token aren't removed when session expires

[CarmineM74]

Hi there,

I have noticed that when the user session expires and a sign_out request is sent to the backend, it replies with a 404 status and an error message of: "User was not found or was not logged in.".

This results in expired tokens piling up on the user model.

Is this the correct behaviour? I mean whose responsibility is it to clean after expired tokens? Shouldn't it be the destroy method of sessions controller, or there should be something else taking care of them? Or a combinantion of both, after all a sign_out request might not come at all since the user could simply close the browser.

Thanks for your help

[lynndylanhurley]

I've been thinking of adding an after_save callback that deletes expired tokens. I'll add this to the next release unless you have another suggestion.

[CarmineM74]

Considering sign_in has to occur in order for the user to use the system, and the fact that expired tokens doesn't pose a threat, I'd say after_save sounds like a good choice.

[lynndylanhurley]

I just pushed support for this in version 0.1.29.beta7. Please verify that it works for you.