Hello,
I'm facing a behavior I can't trace where Devise grants access (SessionController#create), sign_in_and_redirect and then Unauthorize the access. I fail to see any reason for such a behavior.
A more detailed description of the problem is available
here with logs, etc.
I would gladly accept any input here. My last and unverified assumption is that:
1 - Devise does its own CSRF authenticity token check, as mine is turned off (no protect_from_forgery).
2 - Devise fails to see the token I add as an hidden field to the form posted to SessionsController#create (no jquery-rails adding it automatically so I add it by hand).
I truly appreciate your help.
O.