README.md in quo_vadis-2.2.0 vs README.md in quo_vadis-2.2.1

- old
+ new

@@ -169,11 +169,11 @@ - a `:password` field; - optionally a `:password_confirmation` field; - a field for their identifier; - an `:email` field if the identifier is not their email. -In your controller, use the [`#login`](#loginmodel-browser_session-%3D-true) method to log in your new user. The optional second argument specifies for how long the user should be logged in, and any metadata you supply is logged in the audit log. +In your controller, use the [`#login`](#loginmodel-browser_session--true-metadata-) method to log in your new user. The optional second argument specifies for how long the user should be logged in, and any metadata you supply is logged in the audit log. After logging in the user, redirect them wherever you like. You can use `qv.path_after_signup` which resolves to the first of these routes that exists: `:after_signup`, `:after_login`, the root route. ```ruby class UsersController < ApplicationController @@ -236,10 +236,44 @@ - the page they tried to view before they were redirected to the login page; - a route named `after_login`, if any; - your root route. +### Logout + +Send a DELETE request to `quo_vadis.logout_path`. For example: + +```ruby +button_to 'Log out', quo_vadis.logout_path, method: :delete +``` + +Note you are responsible for removing any application session data you want removed. To do so, subclass `QuoVadis::SessionsController` and override the `destroy` method: + +````ruby +# app/controllers/custom_sessions_controller.rb +class CustomSessionsController < QuoVadis::SessionsController + def destroy + reset_session + super + end +end +``` + +Add a route: + +```ruby +# config/routes.rb +delete 'logout', to: 'custom_sessions#destroy' +``` + +And then point your log out button at your custom action: + +```ruby +button_to 'Log out', main_app.logout_path, method: :delete +``` + + ### Two-factor authentication (2FA) or Two-step verification (2SV) If you do not want 2FA at all, set `QuoVadis.two_factor_authentication_mandatory false` in your configuration and skip the rest of this section. If you do want 2FA, you can choose whether it is mandatory or optional for your users by setting `QuoVadis.two_factor_authentication_mandatory <true|false>` in your configuration. @@ -488,8 +522,8 @@ If you don't want a specific flash message at all, give the key an empty value in your locale file. ## Intellectual Property -Copyright 2011-2022 Andrew Stewart (boss@airbladesoftware.com). +Copyright Andrew Stewart (boss@airbladesoftware.com). Released under the MIT licence.