Stripe::InvalidRequestError: This customer has no attached payment source - ruby-on-rails

I'm trying to do the test signup at the end of lecture 113 in Upskill's Essential Web Developer course, however I get the following error and I have been over and over the previous lectures and cannot pinpoint where I have gone wrong.
Stripe::InvalidRequestError in Users::RegistrationsController#create
This customer has no attached payment source
Extracted source (around line #10):
8 def save_with_subscription
9 if valid?
10 customer = Stripe::Customer.create(description: email, plan: plan_id, card: stripe_card_token)
11 self.stripe_customer_token = customer.id
12 save!
13 end
Rails.root: /home/ubuntu/workspace/saasapp
app/models/user.rb:10:in `save_with_subscription'
app/controllers/users/registrations_controller.rb:7:in `block in create'
app/controllers/users/registrations_controller.rb:3:in `create'
Request
Parameters:
{"utf8"=>"✓",
"authenticity_token"=>"/4EiUCLerdc0o+vIbZWWZzxC3cm1TSjyWGs/lYq/H4RiT6zwohUJUQnZaIrxADF2RiWcs6G3BDXiRDQT/bEa4Q==",
"plan"=>"2",
"user"=>{"email"=>"test@example.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"},
"commit"=>"Sign up"}
Response
Headers:
None
LOG
Started POST "/users" for 81.140.28.63 at 2017-01-18 21:24:44 +0000
Cannot render console from 81.140.28.63! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by Users::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"GIGatf9j6proPQgjnjCwR6r6BBeDLCYa2lhOG453bQLwln1wTOEbVSPaPow6ZLGBcGpvX3Qm1Fw03vpQc0Xtsg==", "plan"=>"2", "user"=>{"email"=>"test@example.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
(0.1ms) begin transaction
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "test@example.com"], ["LIMIT", 1]]
(0.2ms) rollback transaction
User Exists (0.2ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "test@example.com"], ["LIMIT", 1]]
Plan Load (0.1ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT ? [["id", 2], ["LIMIT", 1]]
Completed 500 Internal Server Error in 905ms (ActiveRecord: 0.9ms)
Stripe::InvalidRequestError (This customer has no attached payment source):
app/models/user.rb:10:in `save_with_subscription'
app/controllers/users/registrations_controller.rb:7:in `block in create'
app/controllers/users/registrations_controller.rb:3:in `create'
Rendering /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout
Rendering /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/_source.html.erb
Rendered /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/_source.html.erb (9.5ms)
Rendering /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
Rendered /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (4.3ms)
Rendering /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
Rendered /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (2.7ms)
Rendered /usr/local/rvm/gems/ruby-2.3.0@saasapp/gems/actionpack-5.0.0/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout (43.3ms)

I would recommend dividing out the requests to see which part of it is actually failing. I suspect that the reason it's barfing is just because something else is happening and it's unable to manifest a meaningful error message.
Try this:
cus = Stripe::Customer.create(description: email)
self.stripe_customer_token = cus.id
cus.sources.create(source: stripe_card_token)
sub = Stripe::Subscription.create(customer: cus.id, plan: plan_id)
save!

I just hit the same issue.
I made the fix for the typo but still got the same error. It looks like the test card number used in the course video may be another source for this error too. I used a test number from the following page and all worked as expected.
https://stripe.com/docs/testing#cards
Just my 2cents!

Many thanks for taking the time to reply. So I gave it a few days and looked at it again last night and it turned out to be a rather simple and stupid mistake on my part.
In the lesson video and notes the instructor corrects a typo in the users.js file where he referenced an incorrect ID for the submit button in the form. He had typed
var submitBtn = $('#form-submit-btn');
but he had used the following in the form
var submitBtn = $('#form-signup-btn');
While I changed my users.js file to match the correction, somehow I had actually used #form-submit-btn, so when I corrected the users.js file per the lesson I actually caused the problem.

Rails 5: How Do I Correct Completed 422 Unprocessable Entity Error?

I have a Rails 5 application in Heroku that does a login/logout using a sessions controller based on logic in Michael Hartl's Ruby on Rails Tutorial. I have done similar logic for several years starting with Rails 3. My application worked in localhost, production status using Passenger on my server and on Heroku. The same code is being executed. A couple of days ago I started getting the following errors when I try to log into the production version of my application on my server. However I'm still able to log into my application in localhost/development and on Heroku.
I, [2017-04-22T20:15:50.242323 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Started POST "/sessions" for 127.0.0.1 at 2017-04-22 20:15:50 -0500
I, [2017-04-22T20:15:50.243524 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Processing by SessionsController#create as HTML
I, [2017-04-22T20:15:50.243945 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Parameters: {"utf8"=>"✓", "authenticity_token"=>"RsEqEfiDw82E2YI17SVkkUcxhiqtUw75nC1i9GJmIYZlwjg6o0mXiHehCHP627iTOjyQoPA+mrmi+Bh99BxICQ==", "session"=>{"email_user"=>"pamela", "password"=>"[FILTERED]"}, "commit"=>"Login"}
W, [2017-04-22T20:15:50.245161 #65501] WARN -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Can't verify CSRF token authenticity.
I, [2017-04-22T20:15:50.246050 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
F, [2017-04-22T20:15:50.248110 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c]
F, [2017-04-22T20:15:50.248546 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2017-04-22T20:15:50.248894 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c]
F, [2017-04-22T20:15:50.249263 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'
[40a379f9-27c2-4923-a9ce-f310f96dbc4c] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:223:in `handle_unverified_request'
[40a379f9-27c2-4923-a9ce-f310f96dbc4c] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:218:in `verify_authenticity_token'
application_controller
protect_from_forgery with: :exception
include SessionsHelper
Log from localhost on the same machine where I'm able to successfully log in:
Started POST "/sessions" for ::1 at 2017-04-22 22:26:23 -0500
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"zhkoMofyRdPcwQ7v2GOYltlRv2PJM8duzbuxJsa5dAy0je/yj1CRedQM/H1Zku2ukQbbG7YF6OZd4ootV0qolA==", "session"=>{"email_user"=>"myuserid", "password"=>"[FILTERED]"}, "remember_me"=>"1", "commit"=>"Login"}
User Load (74.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 LIMIT $2 [["email", "myuserid"], ["LIMIT", 1]]
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."username" = $1 LIMIT $2 [["username", "myuserid"], ["LIMIT", 1]]
(0.2ms) BEGIN
SQL (22.6ms) UPDATE "users" SET "remember_token" = $1, "updated_at" = $2 WHERE "users"."id" = $3 [["remember_token", "75f5152d815e24e6ce7709cc93f34265ad9161be"], ["updated_at", 2017-04-23 03:26:23 UTC], ["id", 3]]
(26.4ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 229ms (ActiveRecord: 124.5ms)
Started GET "/" for ::1 at 2017-04-22 22:26:23 -0500
Processing by PagesController#home as HTML
User Load (7.4ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = $1 LIMIT $2 [["remember_token", "75f5152d815e24e6ce7709cc93f34265ad9161be"], ["LIMIT", 1]]
Rendering pages/home.html.erb within layouts/application
Rendered pages/home.html.erb within layouts/application (1.1ms)
Rendered layouts/_meta_data.erb (2.3ms)
Rendered layouts/_shim.html.erb (0.4ms)
Rendered layouts/_header.html.erb (1.1ms)
Rendered layouts/_systemmessage.html.erb (0.5ms)
Rendered layouts/_footer.html.erb (1.0ms)
Completed 200 OK in 270ms (Views: 236.8ms | ActiveRecord: 7.4ms)
I have searched for solutions and just about all of them say to shut this off, which I don't want to do, especially considering that this is a database maintenance application. The only difference I can see between the three executions of the code is the value for remember_token in my table since each version is using a different database. I tried setting the remember_token field on the database to null but I still get the error. I have changed nothing related to the login/logout process so I'm really puzzled. I will clone what I have in Heroku and try again.
This is the first time I have seen this error in almost six years of Rails software development. I realize that I could very well have an attack but I don't know how to debug this error. The same code works in Heroku and localhost.
UPDATE: I looked at the page source of the production application on my server. This is what the header looked like before I attempted to log in and got the error. With my localhost version and the Heroku version the two statements like those below appear after login.
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="JoPFlDzY0SYSpOSq0dXgafSICgZ9qXJz/x4tX31owZPh3cu7fNR553iGPn5c+RnZVOuxiEolnoOin0Rkoay4Ag==" />
UPDATE: Attempt at overriding the class InvalidAuthenticityToken raised on line 195 in rails/actionpack/lib/action_controller/metal/request_forgery_protection.rb. Currently this class has no statements. Huge guess at this point since I don't see any instructions for this or if this is even possible.
require 'action_controller/metal/request_forgery_protection'
class XxxLogger < ActionPack::ActionController::RequestForgeryProtection
  source_root File.join(File.dirname(ActionPack::ActionController::RequestForgeryProtection.instance_method(:handle_unverified_request).source_location.first), "templates")
  class InvalidAuthenticityToken < ActionControllerError #:nodoc:
    logger.warn "Can't verify CSRF token authenticity"
  end
end
There are 2 tokens that need to be verified: the form token and the CSRF token. If either of the tokens fails, an InvalidAuthenticityToken exception is thrown.
In the production deploy directory, run bundle show rails to find the exact Rails directory, then add logging to the related Rails code to find the detailed reason.
Add logging this way: logger.warn "Can't verify CSRF token authenticity." This is how Rails itself writes to the log.
In the actionpack/lib/action_controller/metal/request_forgery_protection.rb file, first find out why any_authenticity_token_valid? fails.
Also check this issue, https://github.com/rails/rails/issues/24257#issuecomment-212203983, and change to users_path, not users_url.
And take care of this:
For Rails 5, note that protect_from_forgery is no longer prepended to the before_action chain, so if you have set authenticate_user before protect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use protect_from_forgery prepend: true.
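A way to see which requests fail the CSRF check and where they come from, as an added example rather than code from the posts above: it groups tagged production-log lines by request id and lists those carrying the CSRF warning. The log lines are constructed in the format shown in the question, and the req-000N ids are made up.

```ruby
# Constructed sample in the tagged log format from the question; ids are made up.
SAMPLE_LOG = <<~'LOG'
  I, [2017-04-22T20:15:50.242323 #65501] INFO -- : [req-0001] Started POST "/sessions" for 127.0.0.1 at 2017-04-22 20:15:50 -0500
  I, [2017-04-22T20:15:50.243524 #65501] INFO -- : [req-0001] Processing by SessionsController#create as HTML
  W, [2017-04-22T20:15:50.245161 #65501] WARN -- : [req-0001] Can't verify CSRF token authenticity.
  I, [2017-04-22T20:15:50.246050 #65501] INFO -- : [req-0001] Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
  [req-0001] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:218:in `verify_authenticity_token'
  I, [2017-04-22T20:16:02.100000 #65501] INFO -- : [req-0002] Started POST "/sessions" for 192.0.2.10 at 2017-04-22 20:16:02 -0500
  I, [2017-04-22T20:16:02.101000 #65501] INFO -- : [req-0002] Processing by SessionsController#create as HTML
  I, [2017-04-22T20:16:02.250000 #65501] INFO -- : [req-0002] Completed 302 Found in 149ms (ActiveRecord: 20.1ms)
  I, [2017-04-22T20:17:10.000000 #65501] INFO -- : [req-0003] Started POST "/sessions" for 127.0.0.1 at 2017-04-22 20:17:10 -0500
  I, [2017-04-22T20:17:10.001000 #65501] INFO -- : [req-0003] Processing by SessionsController#create as HTML
  W, [2017-04-22T20:17:10.002000 #65501] WARN -- : [req-0003] Can't verify CSRF token authenticity.
  I, [2017-04-22T20:17:10.003000 #65501] INFO -- : [req-0003] Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
LOG

# The request id is the bracketed tag right before the message. Continuation
# lines (stack frames) carry only the tag, without the severity prefix.
TAGGED = /(?:^|-- : )\[(?<id>[^\]\s]+)\]\s?(?<msg>.*)\z/

# Collect one record per request id from the tagged lines.
def parse_requests(log)
  requests = Hash.new { |h, id| h[id] = { id: id, csrf_failed: false } }
  log.each_line do |line|
    next unless (m = TAGGED.match(line.chomp))
    req = requests[m[:id]]
    case m[:msg]
    when /\AStarted (\w+) "([^"]+)" for (\S+)/
      req.update(verb: $1, path: $2, ip: $3)
    when /\AProcessing by (\S+) as/
      req[:action] = $1
    when /\ACan't verify CSRF token authenticity/
      req[:csrf_failed] = true
    when /\ACompleted (\d{3})/
      req[:status] = $1.to_i
    end
  end
  requests.values
end

# Requests that logged the CSRF warning, in log order.
def csrf_failures(log)
  parse_requests(log).select { |r| r[:csrf_failed] }
end

# Failure counts per [client address, controller action].
def failures_by_client(log)
  csrf_failures(log)
    .group_by { |r| [r[:ip], r[:action]] }
    .transform_values(&:size)
end
```
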

Re-enabling Devise signup

I am taking over a project where Devise is in use. No signup needed because users are created when they provide their email for another purpose. Then the user receives an email with the link to password setup.
Now I want to also allow signup, but it still searches for an existing email, as seen in the log (several user models, the one used here is Traveler):
Started POST "/en/travelers" for 127.0.0.1 at 2015-10-02 09:07:09 +0200
Processing by DeviseInvitable::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"blah", "traveler"=>{"email"=>"test@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up", "protocol"=>"https"}
Traveler Load (3.3ms) SELECT "travelers".* FROM "travelers" WHERE "travelers"."email" = 'test@test.com' ORDER BY "travelers"."id" ASC LIMIT 1
(1.7ms) BEGIN
Traveler Exists (2.4ms) SELECT 1 AS one FROM "travelers" WHERE "travelers"."email" = 'test@test.com' LIMIT 1
(1.6ms) ROLLBACK
Rendered devise/registrations/new.html.erb within layouts/auth/application (14.4ms)
Rendered layouts/auth/_flash.html.erb (0.3ms)
Rendered layouts/auth/_footer.html.erb (1.3ms)
Completed 200 OK in 282ms (Views: 153.6ms | ActiveRecord: 11.0ms)
I haven't seen anything in the routes or controllers that would make that happen, any ideas on where I could investigate?
I think that your traveller is invalid. E.g. traveller with this email exists. Check it and unique constraints.

Devise authentication generating bad SQL

I have a small inherited rails project that uses devise to authenticate.
Recently it has started making an incorrect query to the database if the user enters an invalid password, as set out below. Previously it worked as expected. I must have changed something, but I do not know what.
With a VALID password
When the user logs in with a VALID password, the console log shows similar to this
Started POST "/users/sign_in" for 192.168.2.30 at 2015-07-13 08:13:39 -0400
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"A_Long_Authenticity_Token_Goes_Here", "user"=>{"email"=>"m.mouse@disney.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["email", "m.mouse@disney.com"]]
(0.3ms) BEGIN
SQL (0.6ms) UPDATE "users" SET "last_sign_in_at" = $1, "current_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5 [["last_sign_in_at", "2015-07-10 21:17:12.592611"], ["current_sign_in_at", "2015-07-13 12:13:39.359997"], ["sign_in_count", 1000], ["updated_at", "2015-07-13 12:13:39.363621"], ["id", 22]]
(17.6ms) COMMIT
and the system carries on as normal.
With an INvalid password
When the user attempts to log in with an INVALID password, the console log shows similar to this
Started POST "/users/sign_in" for 192.168.2.30 at 2015-07-13 07:44:55 -0400
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"A_Long_Authenticity_Token_Goes_Here", "user"=>{"email"=>"m.mouse@disney.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
User Load (53.0ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["email", "m.mouse@disney.com"]]
Completed 401 Unauthorized in 288ms (ActiveRecord: 53.4ms)
Processing by Users::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"A_Long_Authenticity_Token_Goes_Here", "user"=>{"email"=>"m.mouse@disney.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
User Load (2.2ms) SELECT "users".* FROM "users" WHERE "email"."email" = 'm.mouse@disney.com' AND "email"."password" = 'ThisIsAnInvalidPassword' AND "email"."remember_me" = '0' ORDER BY "users"."id" ASC LIMIT 1
PG::UndefinedTable: ERROR: missing FROM-clause entry for table "email"
LINE 1: SELECT "users".* FROM "users" WHERE "email"."email" = 'm.mou....
: SELECT "users".* FROM "users" WHERE "email"."email" = 'm.mouse@disney.com' AND "email"."password" = 'ThisIsAnInvalidPassword' AND "email"."remember_me" = '0' ORDER BY "users"."id" ASC LIMIT 1
Completed 500 Internal Server Error in 19ms (ActiveRecord: 3.3ms)
<< Output standard rails error page >>
So far as I understand this, the system tries to read the user table as expected, but no row is found. Devise munges this into a 401 Unauthorized response. The system is then attempting to redirect back to the login page somehow using Users::SessionsController#new
The system then tries a completely new query trying to look up the user using a half formatted query. The query tries to include a table called email that does not exist in the database; the query syntax is not correct either.
Database: postgres
Rails: 2.1.2
Devise gem: 3.5.1 according to bundle show
There is no Users::SessionsController#create def, so presumably using the underlying devise version
There is a Users::SessionsController#new as follows
def new
  if (Rails.env.development? || Rails.env.test?) && params[:user]
    user = User.where(email: params[:user]).first
    sign_in :user, user
    redirect_to dashboard_home_path
  else
    super
  end
end
The environment is development
Nothing appears to be being written to the sessions table whether the login is successful or not.
Where does that second malformed query even come from, and why does devise try to use/call Users::SessionsController#new after an invalid login attempt anyway?
Thanks in advance
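Where the second query comes from, shown with an added example that is not part of the original post: after the 401 the log shows `new` running with the same parameters, so in development `params[:user]` is the whole submitted hash, and a hash given as a `where` value is read as table => columns. `expand_where` and `quote` are hypothetical helpers that model that rule in plain Ruby (they are not ActiveRecord's code), and the parameter values are constructed.

```ruby
# Simplified model of how a hash passed to `where` becomes SQL predicates.
# NOT ActiveRecord's code: expand_where and quote are hypothetical helpers.

def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Rule being modelled: a scalar value compares a column on the model's own
# table; a Hash value is read as { other_table => { column => value } }.
def expand_where(table, conditions)
  conditions.flat_map do |key, value|
    if value.is_a?(Hash)
      value.map { |col, v| %("#{key}"."#{col}" = #{quote(v)}) }
    else
      [%("#{table}"."#{key}" = #{quote(value)})]
    end
  end.join(" AND ")
end

# Constructed request parameters, shaped like the ones in the log above.
PARAMS = {
  user: { email: "user@example.test",
          password: "wrong-password",
          remember_me: "0" }
}.freeze

# What the posted `new` action does: the whole params[:user] hash is the value,
# so every submitted field becomes a column of a table named "email".
def posted_lookup(params)
  expand_where("users", { email: params[:user] })
end

# Scalar-only lookup: take the one field and refuse anything but a String,
# so a nested hash can never be expanded into extra predicates.
def safe_lookup(params)
  email = params.dig(:user, :email)
  return nil unless email.is_a?(String)
  expand_where("users", { email: email })
end

puts posted_lookup(PARAMS)
puts safe_lookup(PARAMS)
```

The nested form also puts the submitted password into the SQL text, which is why it shows up unfiltered in the log; looking up by `params[:user][:email]` and rejecting non-String values avoids both.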

Validates acceptance always fails

No other answers I found on that issue helped me.
I have a terms and conditions box and want to validate if it's checked on creation.
In my model:
validates :terms_and_conditions, :on => :create, acceptance: true, :allow_nil => false
In my view:
<%= f.check_box(:terms_and_conditions )%>
It always fails, no matter if the check_box is checked or not. I think it never actually sets the field and the problem is in my view, but I can't find it.
Log when submitting the form.
Processing by Users::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"xNNmGTWSV4hkj0rrlZeOq+AiTlJ9sc9+cAT1Sy0bjhc=", "user"=>{"email"=>"sdasdr@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "name"=>"", "surname"=>"", "country_id"=>"", "language"=>"", "description"=>"", "register_as_company"=>"1", "terms_and_conditions"=>"1"}, "commit"=>"Sign up"}
Unpermitted parameters: name, surname, country_id, language, description, register_as_company, terms_and_conditions
(0.1ms) begin transaction
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = 'sdasdr@gmail.com' LIMIT 1
(0.1ms) rollback transaction
Country Load (0.2ms) SELECT "countries".* FROM "countries"
Rendered devise/registrations/new.html.erb within layouts/application (6.1ms)
Rendered layouts/_auth_widget.html.erb (1.1ms)
Completed 200 OK in 127ms (Views: 22.8ms | ActiveRecord: 0.7ms)
You have not permitted terms_and_conditions attribute to be saved in the database. If you notice the server logs closely,
Unpermitted parameters: name, surname, country_id, language, description, register_as_company, terms_and_conditions
there are multiple attributes which are not permitted so all of them are not getting saved in database. terms_and_conditions goes as nil and results in error as the value submitted via form is ignored (because of unpermitted status).
This is related to the Rails 4 Strong Parameters concept, wherein only those attributes which are whitelisted/permitted are saved in the database.
Check out the information on Strong Parameters.
Also, as per the server log I noticed that these attributes are part of User model which is a Devise model. Permitting attributes for Devise can be done in different ways,
you can refer to SO Question: Rails devise simple form not saving all fields for this.

rails 3.2 subdomains and devise

I have an application where users can log in to their firm's subdomain.
I use devise. And this code redirects the user from the root domain to the subdomain.
def after_sign_in_path_for(resource_or_scope)
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  subdomain_name = current_user.firm.subdomain
  if current_subdomain.nil?
    # logout of root domain and login by token to subdomain
    token = Devise.friendly_token
    current_user.loginable_token = token
    current_user.save
    sign_out(current_user)
    flash[:notice] = nil
    home_path = valid_user_url(token, :subdomain => subdomain_name)
    return home_path
  else
    if subdomain_name != current_subdomain.name
      # user not part of current_subdomain
      sign_out(current_user)
      flash[:notice] = nil
      flash[:alert] = "Sorry, invalid user or password for subdomain"
    end
  end
  super
end
It works super in chrome, firefox, opera and safari, but it does not work in IE9. I do not get any error messages. From the log I see that the user gets signed in, and when the user gets redirected to the home page he/she is unauthorized. Has anyone an idea on what is going on? From the log:
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"JaffZi9f+Uyovuya8wR2u7LjG9w/3wdUDqTqONt/kFM=",
"user"=>{"email"=>"andreas@lizz.no", "password"=>"[FILTERED]", "remember_me"=>"0"},
"commit"=>"Sign in"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."email" = ''whatever@atlatis.at' LIMIT 1
(0.0ms) begin transaction
(1.0ms) UPDATE "users" SET "last_sign_in_at" = '2012-03-02 20:46:06.658370', "current_sign_in_at" = '2012-03-02 20:56:29.481286', "sign_in_count" = 41, "updated_at" = '2012-03-02 20:56:29.482286' WHERE "users"."id" = 1
[paperclip] Saving attachments.
(62.0ms) commit transaction
Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."id" = 1 LIMIT 1
Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
CACHE (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
Redirected to http://den.lvh.me:3000/
Completed 302 Found in 182ms (ActiveRecord: 0.0ms)
Started GET "/" for 127.0.0.1 at 2012-03-02 21:56:29 +0100
Processing by PrivateController#statistics as HTML
Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
Completed 401 Unauthorized in 2ms
Started GET "/users/sign_in" for 127.0.0.1 at 2012-03-02 21:56:29 +0100
Processing by SessionsController#new as HTML
Rendered devise/_links.erb (2.0ms)
Rendered devise/sessions/new.html.erb within layouts/registration (13.0ms)
Completed 200 OK in 27ms (Views: 26.0ms | ActiveRecord: 0.0ms)
If you are going across subdomains it may be better to simply change your session cookie to be cross-domain.
Editing the session-store.rb file in initializers does this.
Babyreveal::Application.config.session_store :cookie_store,
  key: '_babyreveal_session',
  :domain => ".mybabyreveal.com"
Notice the . prefix on the domain attribute. This allows this cookie to be accessible across subdomains and the application should maintain its session across subdomains. May not be 100% what you are looking for but it should get you going in the right direction.
