Devise Rememberable hook not setting cookies
486 views
Skip to first unread message
Jeff
Nov 13, 2009, 12:32:32 PM11/13/09
to Devise
I noticed that if I click "Remember me" when logging in, devise does
not set the remember_token cookie.
Warden::Manager.after_authentication do |record, auth, options|
scope = options[:scope]
remember_me = auth.params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?
(:remember_me!)
record.remember_me!
auth.cookies['remember_token'] = {
:value => record.class.serialize_into_cookie(record),
:expires => record.remember_expires_at
}
end
end
From the looks of things, you're assigning a new cookie to the
Request, which is then forgotten about at the end of the request (i.e.
no Set-Cookie header is set).
To fix it, it seems adding the following will work:
auth.env['action_controller.rescue.response'].set_cookie
('remember_token', auth.cookies['remember_token'].merge(:path => '/'))
Now this probably isn't the "right" solution, but it does tell the
response object about the new cookie, which then properly sets the Set-
Cookie response header.
Am I missing something here? Does the Rememberable module work for
anyone else?
not set the remember_token cookie.
Warden::Manager.after_authentication do |record, auth, options|
scope = options[:scope]
remember_me = auth.params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?
(:remember_me!)
record.remember_me!
auth.cookies['remember_token'] = {
:value => record.class.serialize_into_cookie(record),
:expires => record.remember_expires_at
}
end
end
From the looks of things, you're assigning a new cookie to the
Request, which is then forgotten about at the end of the request (i.e.
no Set-Cookie header is set).
To fix it, it seems adding the following will work:
auth.env['action_controller.rescue.response'].set_cookie
('remember_token', auth.cookies['remember_token'].merge(:path => '/'))
Now this probably isn't the "right" solution, but it does tell the
response object about the new cookie, which then properly sets the Set-
Cookie response header.
Am I missing something here? Does the Rememberable module work for
anyone else?
José Valim
Nov 13, 2009, 4:37:29 PM11/13/09
to plataforma...@googlegroups.com
Right now we have it fixed on the git repo. We are going to release a new gem after some extra testing.--
José Valim
Director of Engineering - Plataforma Tecnologia
http://blog.plataformatec.com.br/
José Valim
Director of Engineering - Plataforma Tecnologia
http://blog.plataformatec.com.br/
José Valim
May 19, 2010, 3:44:13 AM5/19/10
to plataforma...@googlegroups.com
I just created a new application on devise 1.0.7, on Rails 2.3.5 and the remember token worked like a charm. You may be configuring something different in your application, or a middleware is discarding the cookie changes, please do investigate!
--
José Valim
Director of Engineering - Plataforma Tecnologia
Know more about us: http://plataformatec.com.br/en/José Valim
Director of Engineering - Plataforma Tecnologia
Reply all
Reply to author
Forward
0 new messages