🐛 Not update cookies when is a batch request

app/controllers/devise_token_auth/concerns/set_user_by_token.rb

@@ -154,8 +154,8 @@ def refresh_headers
       # update the response header
       response.headers.merge!(_auth_header_from_batch_request)
 
-      # set a server cookie if configured
-      if DeviseTokenAuth.cookie_enabled
+      # set a server cookie if configured and is not a batch request
+      if DeviseTokenAuth.cookie_enabled && !@is_batch_request
         set_cookie(_auth_header_from_batch_request)
       end
     end # end lock

app/controllers/devise_token_auth/confirmations_controller.rb

@@ -22,7 +22,7 @@ def show
           redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
         else
           redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
-       end
+        end
 
         redirect_to(redirect_to_link)
       else

test/controllers/devise_token_auth/confirmations_controller_test.rb

@@ -202,9 +202,12 @@ def token_and_client_config_from(body)
 
       describe 'failure' do
         test 'user should not be confirmed' do
-          assert_raises(ActionController::RoutingError) do
-            get :show, params: { confirmation_token: 'bogus' }
-          end
+          get :show,
+              params: { confirmation_token: 'bogus',
+                        redirect_url: @redirect_url }
+
+          assert_redirected_to(/^#{@redirect_url}/)
+
           @resource = assigns(:resource)
           refute @resource.confirmed?
         end