is session store necessary?

[lolgear]

Is session store necessary for devise_token_auth? It seems that it doesn't need a session ( auth based on tokens ), but if I disable session ( by config.session_store :disabled ), /validate_token works well, but all my controller actions fail.

[lynndylanhurley]

Session storage is necessary for OmniAuth to function. Apart from that I don't think it's a requirement. What errors are you seeing?

[lolgear]

@lynndylanhurley, I try to migrate from devise to devise_token_auth and I stuck at authentication via safari. Chrome works well, but safari don't. Frontend guy noticed, that I didn't disable session ( session_store was cookies ), and chrome worked well with them, but safari didn't work with them. But when I disable session ( session_store :disabled ), everything became broken and every custom ( my ) action on every controller from api returned an error 401

[zachfeldman]

Hi there @lolgear ,

In an effort to cleanup this project and prioritize a bit, we're marking issues that haven't had any activity in a while with a "close-in-7-days" label. If we don't hear from you in about a week, we'll be closing this issue. Obviously feel free to re-open it at any time if it's the right time or this was done in error!

If you are still having the issue (especially if it's a bug report) please refer to our new Issue Template to provide some more details to help us solve it.

Hope all is well.