How to invalidate a specific session at logout in Rails w/ Devise?
I want to invalidate the session when the user logs out using Devise. I have a callback that catches when the user logs out, for more protection against session hijacking.

    class ApplicationController < ActionController::Base
      # Override Devise's sign_out helper: sign out, then reset the Rails session
      def sign_out(*args)
        super(*args)
        reset_session
      end
    end

My understanding is that this removes the session info stored on the server side, therefore invalidating it.
However, I can still log in using a session ID I got before signing out. Am I misunderstanding how this works? I want to invalidate that session, not all of them.
I am using the default session_store.
After googling and meditating, I came upon this question and modified it to fit my needs.
All I did:
application_controller.rb

    # Blank the user's sign-in token before Devise's own sign_out runs
    def sign_out(*args)
      current_user.update_attribute(:current_sign_in_token, "")
      super
    end

which invalidates the sign_in_token, invalidating the session, so a hijacked session ID is still kicked out.
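The answer clears a per-user token but does not show the per-request check that makes a stale session fail. The following is an added, stand-alone Ruby model of both halves, not Devise's or the poster's code: User, the session Hash, sign_in, sign_out and session_valid? are hypothetical stand-ins for the Devise model, the Rails session and a Warden after_set_user hook.

```ruby
require "securerandom"

# Hypothetical stand-in for the Devise User record (constructed, not Devise's model).
class User
  attr_accessor :current_sign_in_token
  def initialize
    @current_sign_in_token = nil
  end
end

# Constant-time comparison so a forged token cannot be guessed byte by byte via timing.
def constant_time_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Sign-in: mint a fresh random token, store it on the user record and in this session.
# The session is a plain Hash standing in for the Rails cookie-backed session.
def sign_in(user, session)
  token = SecureRandom.hex(32)
  user.current_sign_in_token = token
  session[:sign_in_token] = token
  session
end

# Sign-out, as in the answer: blank the token on the record (update_attribute there,
# a plain setter here), then drop this browser's own session contents.
def sign_out(user, session)
  user.current_sign_in_token = ""
  session.clear
end

# The check the answer relies on: run on every authenticated request (a Warden
# after_set_user hook in Devise). A session whose stored token no longer matches
# the record, or a record with no token, is rejected, so a copied session ID from
# before sign-out is kicked out even though its cookie is otherwise intact.
def session_valid?(user, session)
  stored = session[:sign_in_token]
  current = user.current_sign_in_token
  return false if stored.nil? || current.nil? || current.empty?
  constant_time_equal?(stored, current)
end
```

Because there is a single token per user, a new sign-in elsewhere also invalidates the older session; the check above rejects that older copy for the same reason it rejects a copy taken before sign-out.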