Devise accepts logging in and Unauthorize right afterwards
17 views
Skip to first unread message
Olivier Milla
Jun 5, 2014, 4:29:37 PM6/5/14
to plataforma...@googlegroups.com
Hello,
I'm facing a behavior I can't trace where Devise grants access (SessionController#create), sign_in_and_redirect and then Unauthorize the access. I fail to see any reason for such a behavior.
A more detailed description of the problem is available here with logs, etc.
I would gladly accept any input here. My last and unverified assumption is that:
1 - Devise does its own CSRF authenticity token check, as mine is turned off (no protect_from_forgery).
2 - Devise fails to see the token I add as an hidden field to the form posted to SessionsController#create (no jquery-rails adding it automatically so I add it by hand).
I truly appreciate your help.
O.
I'm facing a behavior I can't trace where Devise grants access (SessionController#create), sign_in_and_redirect and then Unauthorize the access. I fail to see any reason for such a behavior.
A more detailed description of the problem is available here with logs, etc.
I would gladly accept any input here. My last and unverified assumption is that:
1 - Devise does its own CSRF authenticity token check, as mine is turned off (no protect_from_forgery).
2 - Devise fails to see the token I add as an hidden field to the form posted to SessionsController#create (no jquery-rails adding it automatically so I add it by hand).
I truly appreciate your help.
O.
Reply all
Reply to author
Forward
0 new messages