You’ve already said that you destroy sessions when they log in if the session still exists… so just don’t destroy the session when someone logs out. You’re left with an idle session that exists until the next time they log in this way, but you can always set up some kind of scheduled thing (varies depending on OS) that will go in and clean up any sessions that haven’t had activity in amount of time.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks