Syed M. Sawaid


Posted in Remember Me in Devise fails to Login User

If I don't use remember_me option, it works perfectly fine. The app flows as expected.

However, if I check remember_me, it will log in as expected and redirect me to a protected page, which will then redirect me back to the sign_in page (since I use before_action :authenticate_user!). One other thing is that user_signed_in? will return false as well.


Here is the request cycle.
https://i.stack.imgur.com/9Lwwe.png


Here is the log dump:

Started POST "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
Processing by Users::SessionsController#create as TURBO_STREAM
  Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"email"=>"example@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in"}
  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["email", "example@gmail.com"], ["LIMIT", 1]]
Redirected to http://127.0.0.1:3000/projects
Completed 303 See Other in 253ms (ActiveRecord: 0.4ms | Allocations: 2776)


Started GET "/projects" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
Processing by ProjectsController#index as TURBO_STREAM
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 356)


Started GET "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
Processing by Users::SessionsController#new as TURBO_STREAM
  Rendering layout layouts/application.html.erb
  Rendering devise/sessions/new.html.erb within layouts/application
  Rendered devise/shared/_links.html.erb (Duration: 0.6ms | Allocations: 230)
  Rendered devise/sessions/new.html.erb within layouts/application (Duration: 2.5ms | Allocations: 1060)
  Rendered shared/_navbar.html.erb (Duration: 0.1ms | Allocations: 47)
  Rendered layouts/_flash.html.erb (Duration: 0.1ms | Allocations: 20)
  Rendered layout layouts/application.html.erb (Duration: 6.7ms | Allocations: 3860)
Completed 200 OK in 9ms (Views: 7.4ms | ActiveRecord: 0.0ms | Allocations: 4622)

As for my Gemfile:

source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }

ruby '3.2.1'

# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
gem 'rails', github: 'rails/rails', branch: 'main'

# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
gem 'sprockets-rails'

# Use pg as the database for Active Record
gem 'pg', '~> 1.1'

# Use the Puma web server [https://github.com/puma/puma]
gem 'puma', '~> 5.0'

# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
gem 'importmap-rails'

# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
gem 'turbo-rails'

# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
gem 'stimulus-rails'

# Build JSON APIs with ease [https://github.com/rails/jbuilder]
gem 'jbuilder'

# Use Redis adapter to run Action Cable in production
gem 'redis', '~> 4.0'

# Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]
# gem "kredis"

# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
# gem "bcrypt", "~> 3.1.7"

# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: %i[ mingw mswin x64_mingw jruby ]

# Reduces boot times through caching; required in config/boot.rb
gem 'bootsnap', require: false

# Use Sass to process CSS
# gem "sassc-rails"

# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
# gem "image_processing", "~> 1.2"

group :development, :test do
  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
  gem 'debug', platforms: %i[ mri mingw x64_mingw ]
  gem 'rubocop'
end

group :development do
  # Use console on exceptions pages [https://github.com/rails/web-console]
  gem 'web-console'

  # Annotate database models
  gem 'annotate'
  gem 'rails-erd'

  # Add speed badges [https://github.com/MiniProfiler/rack-mini-profiler]
  # gem "rack-mini-profiler"

  # Speed up commands on slow machines / big apps [https://github.com/rails/spring]
  # gem "spring"
end

group :test do
  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
  gem 'capybara'
  gem 'selenium-webdriver'
  gem 'webdrivers'
end

# Custom Gems
gem 'acts_as_list', '~> 1.1'
gem 'acts_as_recursive_tree', '~> 3.3'
gem 'cssbundling-rails', '~> 1.1', '>= 1.1.2'
gem 'date_validator', '~> 0.12.0'
gem 'devise', '~> 4.9', '>= 4.9.2'
gem 'name_of_person', '~> 1.1'
gem 'pay', '~> 6.3'
gem 'requestjs-rails'
gem 'responders', '~> 3.1'
gem 'stripe', '~> 8.5'


I am just so confused. Could it be due to timezone issues? Or possibly some other misconfiguration?


UPDATE:
Here is my devise config (removed all the comments)

Devise.setup do |config|
  config.mailer_sender = 'hey@example.com'

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [:email]

  config.strip_whitespace_keys = [:email]

  config.skip_session_storage = [:http_auth]

  config.stretches = Rails.env.test? ? 1 : 12

  config.reconfirmable = true

  config.remember_for = 2.weeks

  config.expire_all_remember_me_on_sign_out = true

  config.password_length = 6..128

  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/

  config.reset_password_within = 6.hours

  config.sign_out_via = :get

  config.navigational_formats = ['*/*', :html, :turbo_stream]

  config.responder.error_status = :unprocessable_entity
  config.responder.redirect_status = :see_other
end

The sessions_controller is just empty. I didn't override anything.

class Users::SessionsController < Devise::SessionsController
  # before_action :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
  # def new
  #   super
  # end

  # POST /resource/sign_in
  # def create
  #   super
  # end

  # DELETE /resource/sign_out
  # def destroy
  #   super
  # end

  # protected

  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_in_params
  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
  # end
end

The only changes I made were to registrations_controller.

# frozen_string_literal: true

class Users::RegistrationsController < Devise::RegistrationsController
  # before_action :configure_sign_up_params, only: [:create]
  before_action :configure_account_update_params, only: [:update]

  # GET /resource/sign_up
  # def new
  #   super
  # end

  # POST /resource
  # def create
  #   super
  # end

  # GET /resource/edit
  # def edit
  #   super
  # end

  # PUT /resource
  # def update
  #   super
  # end

  # DELETE /resource
  # def destroy
  #   super
  # end

  # GET /resource/cancel
  # Forces the session data which is usually expired after sign
  # in to be expired now. This is useful if the user wants to
  # cancel oauth signing in/up in the middle of the process,
  # removing all OAuth session data.
  # def cancel
  #   super
  # end

  protected

  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_up_params
  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
  # end

  # If you have extra params to permit, append them to the sanitizer.
  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:name])
  end

  def after_update_path_for(resource)
    edit_user_registration_path(resource)
  end

  # The path used after sign up for inactive accounts.
  # def after_inactive_sign_up_path_for(resource)
  #   super(resource)
  # end
end
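
Added example, not part of the original post: a small Ruby log check that finds the pattern shown in the log above, where a sign-in POST is accepted with a redirect and the redirect target is then answered with 401 for the same client. The names `parse_requests` and `lost_sessions`, the 5-second window and the condensed sample log are assumptions made for this illustration.

```ruby
require 'time'
require 'uri'

# Constructed sample: request lines condensed from the log in the post above.
SAMPLE_LOG = <<~LOG
  Started POST "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
  Processing by Users::SessionsController#create as TURBO_STREAM
  Redirected to http://127.0.0.1:3000/projects
  Completed 303 See Other in 253ms (ActiveRecord: 0.4ms | Allocations: 2776)
  Started GET "/projects" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
  Processing by ProjectsController#index as TURBO_STREAM
  Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 356)
  Started GET "/users/sign_in" for 127.0.0.1 at 2023-06-08 22:33:44 +0500
  Processing by Users::SessionsController#new as TURBO_STREAM
  Completed 200 OK in 9ms (Views: 7.4ms | ActiveRecord: 0.0ms | Allocations: 4622)
LOG

Request = Struct.new(:verb, :path, :ip, :time, :fmt, :status, :redirect)

# Fold a Rails request log into one record per request (hypothetical helper).
def parse_requests(log)
  requests = []
  log.each_line do |line|
    case line
    when /^Started (\w+) "([^"]+)" for (\S+) at (.+)$/
      requests << Request.new($1, $2, $3, Time.parse($4))
    when /^Processing by \S+ as (\S+)/
      requests.last&.fmt = $1
    when /^Redirected to (\S+)/
      requests.last&.redirect = $1
    when /^Completed (\d{3})/
      requests.last&.status = $1.to_i
    end
  end
  requests
end

# Flag a sign-in POST that redirected (credentials accepted) whose redirect
# target is answered with 401 for the same client within `window` seconds.
def lost_sessions(requests, sign_in_path: '/users/sign_in', window: 5)
  requests.each_cons(2).select do |login, follow|
    login.verb == 'POST' && login.path == sign_in_path &&
      login.status.to_i.between?(300, 399) && login.redirect &&
      follow.ip == login.ip && follow.status == 401 &&
      URI(login.redirect).path == follow.path &&
      (follow.time - login.time) <= window
  end
end
```

Each hit is a `[login, follow]` pair, so the reported records carry the request format (`TURBO_STREAM` here) and timestamps needed to correlate with cookie or session debugging.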

Thank you for sharing this wonderful feature of ActiveRecord.