Home/ Questions/Q 8278503
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T09:02:25+00:00

I’m using devise 1.1.RC0 for user authentication in a rails 3.0.0 app. Due to

  • 0

I’m using devise 1.1.RC0 for user authentication in a rails 3.0.0 app.

Due to a problem with this version of devise, and the fact that our login process takes place on a (secure) subdomain, when a user logs in, the remember_user_token cookie does not get set. This only happens in production where subdomains are involved: the app will correctly set a remember_user_token cookie when testing locally.

To get around this problem, I’ve adjusted my user_sessions#create action to set this remember_user_token manually:

  def create
    user = User.where("lower(email) = ?", params[:user][:email].downcase).first
    if user and user.valid_password?(params[:user][:password])
      sign_in(:user, user)
      current_user.remember_me = true if params[:user][:remember_me]

      #ensure remember_user_token is set
      if Rails.env.production?
        cookies.signed["remember_user_token"] = {
          :value => user.class.serialize_into_cookie(user),
          :expires => 3.months.from_now,
          :domain => ".app_name.com",
        }
      end

    else
      flash[:error] = "Login incorrect"
      render :action => 'new'
    end
  end

This does set a remember_user_token cookie in production. From there, if I delete the session cookie using browser tools and then refresh the page, the session cookie pops back in and I remain logged in – which I assume is what the remember_user_token cookie is responsible for.

However, if I close the browser and restart my computer while logged in, I’m no longer logged in when I turn my computer back on and go to my app’s url.

What’s the correct way to set this remember_user_token cookie? What I’m I missing? I’d appreciate any help.

Here’s my session_store initializer:

if Rails.env.production?
  AppName::Application.config.session_store :cookie_store, :key => '_app_name_session', :domain => '.appname.com'
else
  AppName::Application.config.session_store :cookie_store, :key => '_app_name_session'
end

Here’s the relevant code in my User model:

  devise :database_authenticatable, :registerable, 
         :recoverable, :rememberable, :trackable, :validatable
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Needed to reload the user before passing them to serialize_into_cookie:

      sign_in(:user, user)
  current_user.remember_me!

  #ensure remember_user_token is set
  if Rails.env.production?
    cookies.signed["remember_user_token"] = {
      :value => user.class.serialize_into_cookie(user.reload),
      :expires => 3.months.from_now,
      :domain => ".app_name.com",
    }
  end
    • 0