I'm working on a rails web app (not originally written by me). Devise is used for authentication. It works fine in the development environment. In production however, users can log in successfully, but on subsequent GET requests, they are no longer logged in and current_user is nil.
I'm not even sure how to debug this because it seems like all of the devise functionality is behind the scenes. Any suggestions as to what could cause this and what I can check?
The application was configured to require https and logged users out if they connected with http.
Related
I have a Rails 5 app that uses Devise for managing users and hosted on Heroku.
My site is called www.example.com but I allow my users to set up custom domains so it could be www.andyexample.com as well.
I can successfully login to www.example.com. However, when I login to www.example.com and then navigate to www.andyexample.com I'm not logged in anymore even though it's the same application.
Is there a way to keep me logged in even when I change between domains?
My understanding was that Devise uses cookies but since a cookie is stored in the browser, why does it not keep me logged in?
Not a duplicate to the suggested post since it's outdated and has 1 reply that introduces a fairly complex solution to something that should be easier to achieve.
Cheers,
I'm running two Spree Commerce 2.0.4 apps along side each other, one on localhost:3000, the other on localhost:3001. I'm using Webrick. The first is a default install - spree install --auto-accept. The second is a default install with just a few very basic theme modifications and database changes (it has a different admin email / password). Both are using Spree's devise authentication method (ie, the default).
Both apps run alongside each other just fine, as long as I don't log in. If I login on one, it works fine, until I login on the other, when I'm auto-logged out from the first, and logged in OK on the second. So, I can only be logged in on one at a time.
Ideally, I'd like to be logged in as admin on both at the same time, without them interfering with each other.
I just started another (non-spree) Rails app on localhost:3002. It's a simple blog, using devise for auth, and it's authentication system doesn't seem to be affected by the two spree apps. So, the issue seems to be specific to the spree apps.
Any ideas as to what could be the problem, or how I can run two spree apps locally without them interfering with each other's user authentication?
UPDATE: I just tried making both spree installs have an admin account with the same email / password, and logging in with that account. However, the same issue remains - logging in on one app logs me out on the other.
You can try to use two different browsers. Such as Chrome for 3000, Firefox for 3001.
In my Dev environment, everything runs flawlessly. But, after deployment to Heroku, I can't log in. After filling out both the Sign in & Sign Up forms, I am redirected to the Root URL, but the UnAuthenticated page is shown and I do not have access to any of the Authenticated Routes.
A few notes:
After Signing Up, a User record is created in the db
After Signing IN, a Sign in Count is added in the db
I am 100% confident the db is setup & migrated correctly (haven done this many times)
Their are no errors in heroku logs. It appears that I am simply
redirected when trying to access Authenticated routes.
Does anyone have any suggestions? Getting desperate with this one :\
My problem was in my session_store.rb file. I had changed it to accomodate for subdomains, yet the :domain => was set to my local dev environment url (lvh.me). I changed it to :all, and the app now works as it should.
Good luck!
I have a Rails 3.0 application with the latest version of Authlogic. The user login works as expected on localhost. It works in production when using Safari or Firefox or Chrome in incognito mode, but it does not work when using Chrome normally. I have a Resque interface hooked up in the config.ru, but turning it on or off does not make a difference.
It does work when allow_http_basic_auth is set to false, but I need this to be enabled because our API makes use of basic auth.
Anyone else have a similar issue or any idea what could be causing this to happen?
UPDATE:
So I can login in Chrome using http_basic by typing the full URL (e.g. https://user:pass#site.com).
The cookie is the same in Chrome (when not able to log in) as it is in Safari.
It look like what is happening is that the user actually gets logged in, then redirect to a different page (302). This page then thinks that the user is not logged in and the user then gets redirected to the login page.
I've implemented twitter authentication in my rails app, on my local dev box. However I'm not able to get the application to log off. Isn't it enough to clear these two cookies?
remember-token and -twitterauth-session?
I'm not familiar with the specifics of Twitter authentication but generally you should invoke the reset_session method in your controller.