class Auth::SessionsController < Devise::SessionsController <% if ajax_login? -%>

after_action :set_csrf_headers, only: [:create, :destroy]

respond_to :html, :js

<% end -%>

# def create
#   super do |user|
#     # Custom log-in logic goes here
#   end
# end

# def destroy
#  # custom before log-out logic
#   super
#  # any extra cleaning code, like deleting flash notice
# end

def sign_in_and_redirect(resource_or_scope, *args)
  options  = args.extract_options!
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  user = args.last || resource_or_scope

  respond_to do |format|
    format.html { super }
    format.js do
      sign_in(scope, user, options) if warden.user(scope) != user
      redirect_url = after_ajax_sign_in_path_for(user)
      redirect_to redirect_url if redirect_url.present?
    end
  end
end

<% if ajax_login? -%>

protected

def after_ajax_sign_in_path_for(user)
  redirect_url = after_sign_in_path_for(user)
  if redirect_url.present
    redirect_url = "#{redirect_url}.js" if redirect_url[-3..-1] != '.js'
    redirect_url += redirect_url.match(/\?/) ? '&' : '?'
    redirect_url += "after_sign_in=true"
  end
  redirect_url
end

def after_sign_in_path_for(user)
  stored_location_for(user) || signed_in_root_path(user)
end

def set_csrf_headers
  if request.xhr?
    response.headers['X-CSRF-Token'] = form_authenticity_token.to_s
    response.headers['X-CSRF-Param'] = request_forgery_protection_token.to_s
  end
end

<% end -%> end