Definition of strange:
My app’s session model seems to work fine. The cookie (user.remember_token = SecureRandom.urlsafe_base64) is stored, the signin persists. Life is good.
Yet, when a user edits their profile and clicks submit, they are logged out.
This SO Question makes me think that Rails is ending the session because of XSRF.
But why?
Instead of posting all my code here, one link gets it all: https://github.com/chiperific/arcwmi_reports
Help!
Your problem is in the User model:
This will modify the remember_token whenever the user is saved – that is, when the user is created or updated. And when a user updates his/her profile, the remember_token is changed. This causes the login system to notice that the cookie no longer matches the user – and logs the user out.
The fix – use before_create instead of before_save.
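The callback difference described in the answer, as an added example that is not part of the original thread or the linked repository: a plain-Ruby stand-in for model callbacks shows the token rotating on a profile update under before_save and staying stable under before_create. TinyModel, User, BuggyUser, FixedUser and create_remember_token are hypothetical names, and the callback order is modelled on ActiveRecord's (before_save on every save, before_create only on the first).

```ruby
require "securerandom"

# Hypothetical stand-in for an ActiveRecord model, not Rails itself.
# before_save hooks run on every save; before_create hooks only on the first.
class TinyModel
  def self.hooks
    @hooks ||= { before_save: [], before_create: [] }
  end

  def self.before_save(name)
    hooks[:before_save] << name
  end

  def self.before_create(name)
    hooks[:before_create] << name
  end

  def save
    self.class.hooks[:before_save].each { |h| send(h) }
    self.class.hooks[:before_create].each { |h| send(h) } unless @persisted
    @persisted = true
  end
end

class User < TinyModel
  attr_accessor :name, :remember_token

  def create_remember_token
    self.remember_token = SecureRandom.urlsafe_base64
  end
end

# Token regenerated on create AND on every update (the behaviour in the question).
class BuggyUser < User; before_save :create_remember_token; end
# Token generated once, when the record is first created (the fix in the answer).
class FixedUser < User; before_create :create_remember_token; end

# Sign in (the cookie keeps a copy of the token), edit the profile, then
# check whether the cookie still matches the stored token.
def signed_in_after_profile_edit?(user_class)
  user = user_class.new
  user.save                     # create: token assigned
  cookie = user.remember_token  # constructed sample: value sent to the browser
  user.name = "New Name"
  user.save                     # profile update
  cookie == user.remember_token
end

puts "before_save:   still signed in? #{signed_in_after_profile_edit?(BuggyUser)}"
puts "before_create: still signed in? #{signed_in_after_profile_edit?(FixedUser)}"
```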