Remember Me in Devise fails to Login User
If I don't use the `remember_me` option, it works perfectly fine. The app flows as expected.
However, if I check `remember_me`, it will log in as expected, redirect me to a protected page, which will then redirect me back to the `sign_in` page (since I use `before_action :authenticate_user!`. One other thing: `user_signed_in?` will return false as well).
Here is the request cycle.
https://i.stack.imgur.com/9Lwwe.png
Here is the logs dump
```
Started POST "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
Processing by Users::SessionsController#create as TURBO_STREAM
Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"email"=>"example@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["email", "example@gmail.com"], ["LIMIT", 1]]
Redirected to http://127.0.0.1:3000/projects
Completed 303 See Other in 253ms (ActiveRecord: 0.4ms | Allocations: 2776)
Started GET "/projects" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
Processing by ProjectsController#index as TURBO_STREAM
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 356)
Started GET "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
Processing by Users::SessionsController#new as TURBO_STREAM
Rendering layout layouts/application.html.erb
Rendering devise/sessions/new.html.erb within layouts/application
Rendered devise/shared/_links.html.erb (Duration: 0.6ms | Allocations: 230)
Rendered devise/sessions/new.html.erb within layouts/application (Duration: 2.5ms | Allocations: 1060)
Rendered shared/_navbar.html.erb (Duration: 0.1ms | Allocations: 47)
Rendered layouts/_flash.html.erb (Duration: 0.1ms | Allocations: 20)
Rendered layout layouts/application.html.erb (Duration: 6.7ms | Allocations: 3860)
Completed 200 OK in 9ms (Views: 7.4ms | ActiveRecord: 0.0ms | Allocations: 4622)
```
As for my `Gemfile`:
```ruby
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }
ruby '3.2.1'
# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
gem 'rails', github: 'rails/rails', branch: 'main'
# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
gem 'sprockets-rails'
# Use pg as the database for Active Record
gem 'pg', '~> 1.1'
# Use the Puma web server [https://github.com/puma/puma]
gem 'puma', '~> 5.0'
# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
gem 'importmap-rails'
# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
gem 'turbo-rails'
# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
gem 'stimulus-rails'
# Build JSON APIs with ease [https://github.com/rails/jbuilder]
gem 'jbuilder'
# Use Redis adapter to run Action Cable in production
gem 'redis', '~> 4.0'
# Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]
# gem "kredis"
# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
# gem "bcrypt", "~> 3.1.7"
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: %i[ mingw mswin x64_mingw jruby ]
# Reduces boot times through caching; required in config/boot.rb
gem 'bootsnap', require: false
# Use Sass to process CSS
# gem "sassc-rails"
# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
# gem "image_processing", "~> 1.2"
group :development, :test do
  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
  gem 'debug', platforms: %i[ mri mingw x64_mingw ]
  gem 'rubocop'
end
group :development do
  # Use console on exceptions pages [https://github.com/rails/web-console]
  gem 'web-console'
  # Annotate database models
  gem 'annotate'
  gem 'rails-erd'
  # Add speed badges [https://github.com/MiniProfiler/rack-mini-profiler]
  # gem "rack-mini-profiler"
  # Speed up commands on slow machines / big apps [https://github.com/rails/spring]
  # gem "spring"
end
group :test do
  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
  gem 'capybara'
  gem 'selenium-webdriver'
  gem 'webdrivers'
end
# Custom Gems
gem 'acts_as_list', '~> 1.1'
gem 'acts_as_recursive_tree', '~> 3.3'
gem 'cssbundling-rails', '~> 1.1', '>= 1.1.2'
gem 'date_validator', '~> 0.12.0'
gem 'devise', '~> 4.9', '>= 4.9.2'
gem 'name_of_person', '~> 1.1'
gem 'pay', '~> 6.3'
gem 'requestjs-rails'
gem 'responders', '~> 3.1'
gem 'stripe', '~> 8.5'
```
I am just so confused. Could it be due to timezone issues? Or possibly some other misconfiguration?
UPDATE:
Here is my devise config (removed all the comments)
```ruby
Devise.setup do |config|
  config.mailer_sender = 'hey@example.com'
  require 'devise/orm/active_record'
  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]
  config.skip_session_storage = [:http_auth]
  config.stretches = Rails.env.test? ? 1 : 12
  config.reconfirmable = true
  config.remember_for = 2.weeks
  config.expire_all_remember_me_on_sign_out = true
  config.password_length = 6..128
  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
  config.reset_password_within = 6.hours
  config.sign_out_via = :get
  config.navigational_formats = ['*/*', :html, :turbo_stream]
  config.responder.error_status = :unprocessable_entity
  config.responder.redirect_status = :see_other
end
```
The `sessions_controller` is just empty. I didn't override anything.
```ruby
class Users::SessionsController < Devise::SessionsController
  # before_action :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
  # def new
  #   super
  # end

  # POST /resource/sign_in
  # def create
  #   super
  # end

  # DELETE /resource/sign_out
  # def destroy
  #   super
  # end

  # protected

  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_in_params
  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
  # end
end
```
The only changes I made were to `registrations_controller`.
```ruby
# frozen_string_literal: true
class Users::RegistrationsController < Devise::RegistrationsController
  # before_action :configure_sign_up_params, only: [:create]
  before_action :configure_account_update_params, only: [:update]

  # GET /resource/sign_up
  # def new
  #   super
  # end

  # POST /resource
  # def create
  #   super
  # end

  # GET /resource/edit
  # def edit
  #   super
  # end

  # PUT /resource
  # def update
  #   super
  # end

  # DELETE /resource
  # def destroy
  #   super
  # end

  # GET /resource/cancel
  # Forces the session data which is usually expired after sign
  # in to be expired now. This is useful if the user wants to
  # cancel oauth signing in/up in the middle of the process,
  # removing all OAuth session data.
  # def cancel
  #   super
  # end

  protected

  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_up_params
  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
  # end

  # If you have extra params to permit, append them to the sanitizer.
  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:name])
  end

  def after_update_path_for(resource)
    edit_user_registration_path(resource)
  end

  # The path used after sign up for inactive accounts.
  # def after_inactive_sign_up_path_for(resource)
  #   super(resource)
  # end
end
```
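A check for the symptom shown in the log dump above, as an added example that is not part of the original thread: it scans a Rails log for a sign-in POST that was accepted with a redirect but whose redirect target then returned 401 to the same client. The sample log is taken from the question's dump with the SQL and render lines omitted; `parse_requests` and `lost_logins` are hypothetical helper names, and the code assumes a non-interleaved, single-client log such as `log/development.log`.

```ruby
# Added example: detect "login accepted, next request unauthorized" in a Rails log.
# SAMPLE_LOG is the question's log dump with SQL and render lines omitted.
SAMPLE_LOG = <<~LOG
  Started POST "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
  Processing by Users::SessionsController#create as TURBO_STREAM
  Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"email"=>"example@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in"}
  Redirected to http://127.0.0.1:3000/projects
  Completed 303 See Other in 253ms (ActiveRecord: 0.4ms | Allocations: 2776)
  Started GET "/projects" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
  Processing by ProjectsController#index as TURBO_STREAM
  Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 356)
  Started GET "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
  Processing by Users::SessionsController#new as TURBO_STREAM
  Completed 200 OK in 9ms (Views: 7.4ms | ActiveRecord: 0.0ms | Allocations: 4622)
LOG

Request = Struct.new(:verb, :path, :ip, :remember_me, :redirect, :status)

# Group log lines into one Request per "Started ..." line.
def parse_requests(log)
  log.each_line.with_object([]) do |line, reqs|
    case line
    when /\AStarted (\w+) "([^"]+)" for (\S+)/
      reqs << Request.new($1, $2, $3, false, nil, nil)
    when /"remember_me"=>"1"/
      reqs.last.remember_me = true if reqs.last
    when /\ARedirected to (\S+)/
      reqs.last.redirect = $1 if reqs.last
    when /\ACompleted (\d{3})/
      reqs.last.status = $1.to_i if reqs.last
    end
  end
end

# A sign-in that was accepted (3xx redirect) but whose redirect target is
# answered with 401 for the same client: the login did not persist.
def lost_logins(log, sign_in_path: "/users/sign_in")
  parse_requests(log).each_cons(2).filter_map do |login, follow|
    next unless login.verb == "POST" && login.path == sign_in_path
    next unless login.status.to_i.between?(300, 399) && login.redirect
    next unless follow.ip == login.ip && follow.status == 401
    next unless login.redirect.end_with?(follow.path)
    { target: follow.path, remember_me: login.remember_me }
  end
end
```

Comparing the `remember_me` flag across hits shows whether the failure is confined to remember-me sign-ins, which is the distinction the question draws.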
I don't know why, but on my computer it saves accounts that are not mine on this website. It's confusing.
Same problem.
Rails 7.1.3.2
Login without remember me function OK.
It doesn't work with it.
Solution: Revert to Rails 7.1.0 + Devise 4.9.4