Devise loses session after deploy

I have a Rails 4 app where I am using Devise for authentication, and it works perfectly. My only problem is that it loses the session of a user after I deploy it on the server, and the users have to sign in again.

If I just do a restart of nginx/passenger (which I am using for my app), it doesn't lose it. When I am deploying my app, I am losing it. When deploying, I also wipe out the whole database automatically, and my deployment script runs the seeds file, which also generates the users.

We are currently developing the app, so this kind of behavior is acceptable for now, but in the future, when the app is ready, we won't do it this way (of course!).

So is this an issue due to the reseeding, or should I check something else? I see that the encrypted password changes every time I run the wipe out/seed action; does this have to do with the loss of the user session?

JohnDel asked Jun 06 '13 15:06


3 Answers

The reason for this behavior is the following:

Every time a user changes his password, Devise automatically signs him out.

So, basically, by reseeding the data, the password is recalculated (even though the password is the same, the new encrypted password is different from the old one). So Devise will automatically sign out the user, because it seems like the password has changed (based on the different encrypted_password field).

I managed to bypass this behavior, by specifically setting up the encrypted_password in the seeds.rb file and bypassing the validation.

JohnDel answered Nov 01 '22 19:11


You should never wipe out a database during deployment. Imagine that your app is running and you have hundreds of users. Now you make some changes in the code and do a deploy. POOF all your data and users are gone! Certainly this is not what you want.

Secondly, users getting logged out when you wipe out the database could be due to one of the following reasons:

  • Are you seeding users with the same ID? If the user ID changes when you re-seed, it will cause users to be logged out

  • Are you storing sessions in the database using config.session_store :active_record_store instead of using cookies? In this case, wiping out the database will delete the sessions table and log out all users

  • Rails 4 uses an encrypted cookie store by default. Make sure you're not changing your application's config.secret_token when re-deploying, in case it's getting loaded from the database

Ultimately, wiping out the database is the sole reason why your users are getting logged out, and that is a bad practice. So the most important thing to fix is: do not wipe data during deployments.

Subhas answered Nov 01 '22 20:11


If I just do a restart of nginx/passenger (which I am using for my app), it doesn't lose it. When I am deploying my app, I am losing it. When deploying, I also wipe out the whole database automatically, and my deployment script runs the seeds file, which also generates the users.

If you generate new users, the old ones will lose their sessions.

This is because the values of the new users will be different. For example, they might not have a remember token set, or if the session_id uses the values of user.created_at or user.token_generated_at they will be different every time you drop and recreate your database.

Benjamin Udink ten Cate answered Nov 01 '22 20:11
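
A small model of the behaviour the answers above describe, added here as an example; it is not from the original posts and is not Devise's code. It assumes a session bound to the user ID plus the salt prefix of encrypted_password, uses PBKDF2 from Ruby's OpenSSL standard library as a stand-in for the real password hash, and every name in it (hash_password, session_salt, seed, user_from_session, redeploy_outcomes) is hypothetical.

```ruby
require 'openssl'
require 'securerandom'
# Stand-in for bcrypt (assumption): random salt per call, kept as digest prefix.
def hash_password(password)
  salt = SecureRandom.hex(8) # 16 hex chars, different on every call
  key = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                                 length: 32, hash: 'sha256')
  salt + key.unpack1('H*')
end

# Hypothetical user record; session_salt models the value bound to the session.
User = Struct.new(:id, :email, :encrypted_password) do
  def session_salt
    encrypted_password[0, 16]
  end
end

# Hypothetical seed step: wipe the table, then recreate the user,
# optionally reusing a stored digest instead of re-hashing the password.
def seed(db, id:, pinned_digest: nil)
  db.clear
  digest = pinned_digest || hash_password('constructed-sample-password')
  db[id] = User.new(id, 'user@example.test', digest)
end

def serialize_session(user)
  [user.id, user.session_salt]
end

# A session resolves only if the record exists and its salt still matches.
def user_from_session(db, session)
  id, salt = session
  user = db[id]
  user if user && user.session_salt == salt
end

# Three redeploys against one pre-existing session; true means still signed in.
def redeploy_outcomes
  db = {}
  original = seed(db, id: 1)
  session = serialize_session(original)
  digest = original.encrypted_password
  seed(db, id: 1) # same password, hashed again with a new salt
  rehashed = !user_from_session(db, session).nil?
  seed(db, id: 1, pinned_digest: digest) # digest set explicitly in the seed
  pinned = !user_from_session(db, session).nil?
  seed(db, id: 2, pinned_digest: digest) # same digest, but the ID changed
  new_id = !user_from_session(db, session).nil?
  { rehashed: rehashed, pinned: pinned, new_id: new_id }
end
```

Only the seed that keeps both the ID and the stored digest leaves the existing session valid; re-hashing the same password or changing the ID invalidates it.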