From b5d4ad2e2f23fc53dd34d72b8bd7e5e23176926d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20K=C3=B6gel?=
Date: Wed, 14 Feb 2024 14:26:07 +0100
Subject: [PATCH 1/2] session_timeout: make sure the remember_me submodule's before_logout hook gets called on logout + only logout calls before & after logout hooks: https://github.com/Sorcery/sorcery/blob/d9dc0bd80a3d5689398baea4489b14ed78e6c42d/lib/sorcery/controller.rb#L75-L78 + remember_me uses a before_logout hook to clear its cookie: https://github.com/Sorcery/sorcery/blob/d9dc0bd80a3d5689398baea4489b14ed78e6c42d/lib/sorcery/controller/submodules/remember_me.rb#L22
---
 lib/sorcery/controller/submodules/session_timeout.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/sorcery/controller/submodules/session_timeout.rb b/lib/sorcery/controller/submodules/session_timeout.rb
index f02b221f..b332a6aa 100644
--- a/lib/sorcery/controller/submodules/session_timeout.rb
+++ b/lib/sorcery/controller/submodules/session_timeout.rb
@@ -52,8 +52,7 @@ def register_login_time(_user, _credentials = nil)
 def validate_session
 session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
 if (session_to_use && sorcery_session_expired?(session_to_use.to_time)) || sorcery_session_invalidated?
- reset_sorcery_session
- remove_instance_variable :@current_user if defined? @current_user
+ logout
 else
 session[:last_action_time] = Time.now.in_time_zone
 end
From 3d7e57bd3d88c3c803cb59a5e66a9810f821e25e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20K=C3=B6gel?=
Date: Wed, 14 Feb 2024 14:31:18 +0100
Subject: [PATCH 2/2] CHANGELOG: update.
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 08891148..3067b196 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
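Review bot: In `validate_session` (lib/sorcery/controller/submodules/session_timeout.rb), replacing the unconditional `reset_sorcery_session` with `logout` makes the session reset depend on whatever guard `logout` carries. The linked controller.rb lines are not part of this patch, but if `logout` returns early when `logged_in?` is false, an expired or invalidated session whose user can no longer be loaded would be left in place where it was previously always reset. Consider keeping the reset as a fallback, e.g. `logout` followed by `reset_sorcery_session`, or confirming that the guard cannot skip it. The patch touches only this file, so a spec asserting that a timed-out request clears the remember_me cookie and does not log the user back in from it would pin the fix. The method's closing `end` lies outside the hunk.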
@@ -1,6 +1,8 @@ # Changelog ## HEAD +* Fix to invalidate sessions with remember_me cookie [#358](https://github.com/Sorcery/sorcery/pull/358) + ## 0.16.5 * Raise ArgumentError when calling change_password! with blank password [#333](https://github.com/Sorcery/sorcery/pull/333)