From 6a2f248fe4ed59f512dd318a006209fb7b71aa7e Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 24 Jan 2022 21:52:45 +0100 Subject: [PATCH] Renew Rails session ID on successful registration --- app/controllers/auth/registrations_controller.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index 3c9b38a4bf..0db9cb84d7 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -141,6 +141,11 @@ class Auth::RegistrationsController < Devise::RegistrationsController def sign_up(resource_name, resource) clear_captcha! + + old_session_values = session.to_hash + reset_session + session.update old_session_values.except('session_id') + super end