I'm using devise with my rails 3 app. For some reason the sign in with Remember Me is not work开发者_开发问答ing.
Could this be due to testing on localhost:3000 ?
in devise.rb, I have the following set:
config.remember_for = 2.weeks
In the logs, when I post a signin I see:
Started POST "/users/sign_in" for 127.0.0.1 at Thu May 12 20:53:04 -0700 2011
Processing by SessionsController#create as HTML
Parameters: {"signIn"=>"LOG IN", "authenticity_token"=>"GR09TIq4uSbu6UWxDRhpfQeLWp7qtJTxkCFksLmFzdE=", "utf8"=>"✓", "user"=>{"remember_me"=>"on", "password"=>"[FILTERED]", "email"=>"xxxx@xxxxxxx-inc.com"}}
Is there anything wrong there?
I also have the following in my sessions_controller.rb
class SessionsController < Devise::SessionsController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
include Devise::Controllers::InternalHelpers
# GET /resource/sign_in
def new
clean_up_passwords(build_resource)
render_with_scope :new
end
# POST /resource/sign_in
def create
resource = warden.authenticate!(:scope => resource_name, :recall => "new")
#set_flash_message :notice, :signed_in
sign_in_and_redirect(resource_name, resource)
end
# GET /resource/sign_out
def destroy
#set_flash_message :notice, :signed_out if signed_in?(resource_name)
sign_out_and_redirect(resource_name)
end
protected
def after_sign_in_path_for(resource)
if resource.is_a?(User) && resource.banned?
sign_out resource
flash[:error] = "This account has been suspended."
root_path
else
super
end
end
end
Any ideas why signing in and remembering is not working? Thanks
This happens because remember_me comes in params as "on", but is compared to Devise::TRUE_VALUES, which are [true, 1, '1', 't', 'T', 'true', 'TRUE'].
The easiest way is to make it work is to insure your remember_me comes as one of that values. Example of check-box(notice value="1"):
<input type="checkbox" name="user[remember_me]" value="1" checked="checked" />
Another way if you want to make it work with "on" value you can add "on" to Devise::TRUE_VALUES. So in your config/initializers/devise.rb just add as the first line:
Devise::TRUE_VALUES << ["on"]
The Devise remember_user_token cookie could be set to 'secure only', in which case it doesn't work with the development rails server on http (browser never sends it back to the server).
Check initializers/devise.rb for rememberable_options = {:secure => true}
Do you have the sessions set aswell with config.timeout_in = 10.minutes?
If so see this contribution on stackoverflow which solves it solution
My problem with this was this single line in User.rb (I updated from Michael Hartl login mechanism to devise)
before_save :create_remember_token
I commented it out and it worked.
I also have :
User.rb
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,:token_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
On devise.rb, I only added Devise::TRUE_VALUES << ["on"]
and uncommented config.remember_for = 2.weeks
精彩评论