From e24f417f26777b633c68be746d81241b54fee366 Mon Sep 17 00:00:00 2001
From: aaronchi
Date: Tue, 7 Oct 2014 21:16:35 -0700
Subject: [PATCH 1/2] Don't set unique_session_id if devise.skip_session_limitable is set
---
 lib/devise_security_extension/hooks/session_limitable.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/devise_security_extension/hooks/session_limitable.rb b/lib/devise_security_extension/hooks/session_limitable.rb
index 8e828568..7dbc03ca 100644
--- a/lib/devise_security_extension/hooks/session_limitable.rb
+++ b/lib/devise_security_extension/hooks/session_limitable.rb
@@ -3,7 +3,7 @@
 # and on authentication. Retrieving the user from session (:fetch) does
 # not trigger it.
 Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
- if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope])
+ if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_session_limitable']
 unique_session_id = Devise.friendly_token
 warden.session(options[:scope])['unique_session_id'] = unique_session_id
 record.update_unique_session_id!(unique_session_id)
From 069d75b70b84d377f9be0aad48e12edad3e59467 Mon Sep 17 00:00:00 2001
From: aaronchi
Date: Tue, 14 Oct 2014 14:18:33 -0700
Subject: [PATCH 2/2] don't limit impersonated sessions
---
 lib/devise_security_extension/hooks/session_limitable.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/devise_security_extension/hooks/session_limitable.rb b/lib/devise_security_extension/hooks/session_limitable.rb
index 7dbc03ca..a4881031 100644
--- a/lib/devise_security_extension/hooks/session_limitable.rb
+++ b/lib/devise_security_extension/hooks/session_limitable.rb
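Review bot: The new `!warden.request.env['devise.skip_session_limitable']` clause is a per-request Rack env flag, and skipping this branch leaves both `record.unique_session_id` and `warden.session(options[:scope])['unique_session_id']` untouched; the fetch-side hook (visible in the `@@ -18,7 +18,7 @@` hunk of PATCH 2/2) still compares those two values and only stands down when the same flag is present on that later request, so a sign-in performed under the flag can be logged out on the next request that does not set it whenever the record already carries a unique_session_id from another sign-in. If that is the intended meaning of the flag (a sign-in that does not claim the single session), a comment above the condition would save the next reader the trace, e.g. `# env['devise.skip_session_limitable'] is per request: a sign-in made under it does not claim the single session and remains subject to the fetch-side check on later requests.` Reading the flag from the Rack env rather than from request parameters keeps the bypass under application control (middleware or controller code), which is the right place for it. The `after_set_user` block's closing `end` lies outside the hunk.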
@@ -3,7 +3,7 @@
 # and on authentication. Retrieving the user from session (:fetch) does
 # not trigger it.
 Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
- if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_session_limitable']
+ if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_session_limitable'] && !warden.request.session.key?('impersonator_id')
 unique_session_id = Devise.friendly_token
 warden.session(options[:scope])['unique_session_id'] = unique_session_id
 record.update_unique_session_id!(unique_session_id)
@@ -18,7 +18,7 @@
 env = warden.request.env
 
 if record.respond_to?(:unique_session_id) && warden.authenticated?(scope) && options[:store] != false
- if record.unique_session_id != warden.session(scope)['unique_session_id'] && !env['devise.skip_session_limitable']
+ if record.unique_session_id != warden.session(scope)['unique_session_id'] && !env['devise.skip_session_limitable'] && !warden.request.session.key?('impersonator_id')
 warden.logout(scope)
 throw :warden, :scope => scope, :message => :session_limited
 end
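Review bot: The new `!warden.request.session.key?('impersonator_id')` clause hard-codes a session key that belongs to whichever impersonation layer the application uses rather than to this gem, and it reads the raw Rack session instead of `warden.session(options[:scope])`, so the exemption is not tied to the Devise scope being authenticated; the same clause is added in the `@@ -18,7 +18,7 @@` hunk below. The line already honours `env['devise.skip_session_limitable']`, so the impersonation code could set that flag on the requests it controls instead of the hook knowing its session key, or at the least the key should live in one named constant shared by both hunks rather than in two string literals. Whichever is kept deserves a comment, e.g. `# Impersonated sessions (marked by 'impersonator_id' in the Rack session) neither claim nor are bound to the single unique_session_id.`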
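Review bot: On the fetch side the exemption lasts for as long as `'impersonator_id'` remains in the session, so a session that was once used to impersonate keeps bypassing the single-session logout after impersonation ends unless the code that stops impersonating also deletes that key, and nothing in this hunk clears it. That contract should be stated above the condition, e.g. `# Sessions carrying 'impersonator_id' are never logged out here; the impersonation code must remove the key when impersonation stops.`, and the impersonation helper in use should be checked for actually doing so. `env` is assigned three lines above, and the `:only => :fetch` block containing this `if` starts and ends outside the hunk.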