Devise - remember me not working? LocalHost Issue?

Question

I'm using devise with my rails 3 app. For some reason the sign in with Remember Me is not working.

Could this be due to testing on localhost:3000 ?

in devise.rb, I have the following set:

config.remember_for = 2.weeks

In the logs, when I post a signin I see:

Started POST "/users/sign_in" for 127.0.0.1 at Thu May 12 20:53:04 -0700 2011
  Processing by SessionsController#create as HTML
  Parameters: {"signIn"=>"LOG IN", "authenticity_token"=>"GR09TIq4uSbu6UWxDRhpfQeLWp7qtJTxkCFksLmFzdE=", "utf8"=>"✓", "user"=>{"remember_me"=>"on", "password"=>"[FILTERED]", "email"=>"[email protected]"}}

Is there anything wrong there?

I also have the following in my sessions_controller.rb

class SessionsController < Devise::SessionsController

  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
  include Devise::Controllers::InternalHelpers

  # GET /resource/sign_in
  def new
    clean_up_passwords(build_resource)
    render_with_scope :new
  end

  # POST /resource/sign_in
  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => "new")
    #set_flash_message :notice, :signed_in
    sign_in_and_redirect(resource_name, resource)
  end

  # GET /resource/sign_out
  def destroy
    #set_flash_message :notice, :signed_out if signed_in?(resource_name)
    sign_out_and_redirect(resource_name)
  end

  protected

  def after_sign_in_path_for(resource)
    if resource.is_a?(User) && resource.banned?
      sign_out resource
      flash[:error] = "This account has been suspended."
      root_path
    else
      super
    end
  end


end

Any ideas why signing in and remembering is not working? Thanks

Answer 1

This happens because remember_me comes in params as "on", but is compared to Devise::TRUE_VALUES, which are [true, 1, '1', 't', 'T', 'true', 'TRUE'].

The easiest way is to make it work is to insure your remember_me comes as one of that values. Example of check-box(notice value="1"):

<input type="checkbox" name="user[remember_me]" value="1" checked="checked" />

Another way if you want to make it work with "on" value you can add "on" to Devise::TRUE_VALUES. So in your config/initializers/devise.rb just add as the first line:

Devise::TRUE_VALUES << ["on"]

Answer 2

The Devise remember_user_token cookie could be set to 'secure only', in which case it doesn't work with the development rails server on http (browser never sends it back to the server).

Check initializers/devise.rb for rememberable_options = {:secure => true}