removal of unique_session_id on explicit user logout

VERSION

@@ -1 +1 @@
-0.7.2
+0.7.4

devise_security_extension.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = "devise_security_extension"
-  s.version = "0.7.3"
+  s.version = "0.7.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Marco Scholl", "Alexander Dreher"]

lib/devise_security_extension/hooks/session_limitable.rb

@@ -19,8 +19,16 @@
 
   if warden.authenticated?(scope) && options[:store] != false
     if record.unique_session_id != warden.session(scope)['unique_session_id'] && !env['devise.skip_session_limitable']
+      def record.skip_before_logout?; end
       warden.logout(scope)
       throw :warden, :scope => scope, :message => :session_limited
     end
   end
+end
+
+#Remove unique_session_id on explicit logout
+Warden::Manager.before_logout do |record, warden, options|
+  if record.respond_to?(:update_unique_session_id!) && !record.respond_to?(:skip_before_logout?)
+    record.update_unique_session_id!(nil)
+  end
 end

lib/devise_security_extension/models/password_archivable.rb

@@ -62,7 +62,7 @@ def old_password_params
         salt_change = if self.respond_to?(:password_salt_change) and not self.password_salt_change.nil?
           self.password_salt_change.first
         end
-        { :encrypted_password => self.encrypted_password_change.first, :password_salt => salt_change }.permit!
+        { :encrypted_password => self.encrypted_password_change.first, :password_salt => salt_change }
       end
 
       module ClassMethods