
Sessions survive users table truncation #5

@dcki

Given user A is logged in
When the database is wiped
And user B creates a new account
Then user A may be able to access user B's account

Instead, user A should be redirected to the new account page.

Technical explanation:

Given user A is logged in with a cookies.encrypted[:user_id] of 1
When the users table is truncated
And the Rails secret_key_base is not regenerated
And user B creates an account with a users.id of 1
And user A visits the game page
Then user A will be able to make requests and ActionCable requests as user B because a cookies.encrypted[:user_id] of 1 grants access to the User with id 1.
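The scenario above as a stand-alone Ruby sketch, added here as an example; it is not part of the original issue or the project's code. `seal`/`unseal` stand in for `cookies.encrypted`, and the `Users` class, its `token` column, the id restart on truncation, and the token-bound lookup are all assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"
require "json"
# Stand-in for cookies.encrypted (constructed, not Rails' code); KEY plays secret_key_base.
KEY = OpenSSL::Digest::SHA256.digest("constructed secret_key_base")

def seal(payload)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = KEY
  iv = c.random_iv
  c.auth_data = ""
  ct = c.update(JSON.generate(payload)) + c.final
  [iv, c.auth_tag, ct]
end

def unseal((iv, tag, ct))
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key, d.iv, d.auth_tag, d.auth_data = KEY, iv, tag, ""
  JSON.parse(d.update(ct) + d.final)
end

# In-memory users table; truncate! restarts ids at 1 (assumed, as in the issue).
class Users
  def initialize; @rows, @next_id = {}, 0; end
  def find(id); @rows[id]; end
  def truncate!; initialize; end
  def create(name)
    id = (@next_id += 1)
    @rows[id] = { "id" => id, "name" => name, "token" => SecureRandom.hex(16) }
  end
end

# Lookup as described in the issue: the id in the cookie is the whole credential.
def user_by_id(users, cookie); users.find(unseal(cookie)["user_id"]); end

# Hardened lookup (assumed design): a random per-account token must match too.
def user_by_token(users, cookie)
  data = unseal(cookie)
  user = users.find(data["user_id"])
  user if user && user["token"] == data["token"]
end

def scenario
  users = Users.new
  a = users.create("user A")
  cookie = seal("user_id" => a["id"], "token" => a["token"]) # user A logs in
  users.truncate!                                            # database wiped
  users.create("user B")                                     # user B receives id 1
  { by_id: user_by_id(users, cookie)&.fetch("name"), by_token: user_by_token(users, cookie)&.fetch("name") }
end
```

The cookie still decrypts after the wipe because the key is unchanged, so the id-only lookup resolves to user B. The token-bound lookup returns `nil`, which lets the app redirect user A to the new account page as the issue asks.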
