CartoDB · rafatower · Apr 16, 2015 · Apr 15, 2015 · Apr 15, 2015 · Apr 16, 2015
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -206,16 +206,18 @@ def current_user
   # - Else: the first session found at request.session that comes from warden
   def current_viewer
     if @current_viewer.nil?
-      authenticated_usernames = request.session.select {|k,v| k.start_with?("warden.user")}.values
-      current_user_present = authenticated_usernames.select { |username|
-        CartoDB.extract_subdomain(request) == username
-      }.first
-
-      if current_user_present.nil?
-        authenticated_username = authenticated_usernames.first
-        @current_viewer = authenticated_username.nil? ? nil : User.where(username: authenticated_username).first
-      else
+      if current_user && env["warden"].authenticated?(current_user.username)
         @current_viewer = current_user
+      else
+        authenticated_usernames = request.session.select {|k,v| k.start_with?("warden.user")}.values
+        current_user_present = authenticated_usernames.select { |username|
+          CartoDB.extract_subdomain(request) == username
+        }.first
+
+        if current_user_present.nil?
+          authenticated_username = authenticated_usernames.first
+          @current_viewer = authenticated_username.nil? ? nil : User.where(username: authenticated_username).first
+        end
       end
     end
     @current_viewer

diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
@@ -71,6 +71,11 @@ def valid?
     params[:api_key].present?
   end
 
+  # We don't want to store a session and send a response cookie
+  def store?
+    false
+  end
+
   def authenticate!
     begin
       if (api_key = params[:api_key]) && api_key.present?