I'm using Devise 1.3.4 for authentication for the backend in my app. For a couple of days now I cannot log in anymore. What happens is:
I checked the before_filters and it definitely is Devise's autorize_admin_user! filter that causes the problems (filters before it are called, filters after it are not called). Meaning that even after logging in successfully it doesn't recognize me as logged in.
I realize that it is hard to come up with a solution without seeing most of my code. So my first question would be:
How can I debug this error? How can I retrace where exactly the login doesn't work? Do I have to dig into Warden? Can it be a session/cookie problem? How could I debug that?
All ideas appreciated!
This is what the log says:
Started GET "/admin/sign_in" for 127.0.0.1 at 2011-05-20 13:49:11 +0200
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
Processing by Admin::SessionsController#new as HTML
Rendered admin/shared/_header.html.haml (3.1ms)
Rendered admin/shared/_menu.html.haml (1.7ms)
Rendered admin/sessions/new.html.haml within layouts/admin (128.7ms)
Completed 200 OK in 171ms (Views: 133.0ms | ActiveRecord: 0.0ms)
Started POST "/admin/sign_in" for 127.0.0.1 at 2011-05-20 13:49:15 +0200
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
Processing by Admin::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"VLjjo6W+sd7yRH3SRSNpUN3L8a+OaOgCUpJgB5VaGEM=", "admin_user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
AdminUser Load (0.7ms) SELECT `admin_users`.* FROM `admin_users` WHERE `admin_users`.`email` = '[email protected]' LIMIT 1
SQL (0.2ms) BEGIN
AREL (0.3ms) UPDATE `admin_users` SET `last_sign_in_at` = '2011-05-20 11:49:15', `current_sign_in_at` = '2011-05-20 11:49:15', `current_sign_in_ip` = '127.0.0.1', `sign_in_count` = 3, `updated_at` = '2011-05-20 11:49:15' WHERE `admin_users`.`id` = 33
SQL (0.5ms) COMMIT
Redirected to http://myapp.dev/admin
Completed 302 Found in 160ms
Started GET "/admin" for 127.0.0.1 at 2011-05-20 13:49:15 +0200
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
Processing by Admin::DashboardsController#show as HTML
Completed in 26ms
Started GET "/admin/sign_in" for 127.0.0.1 at 2011-05-20 13:49:16 +0200
[Barista] Compiling all scripts for barista
[Barista] Compiling all coffeescripts
Processing by Admin::SessionsController#new as HTML
Rendered admin/shared/_header.html.haml (3.5ms)
Rendered admin/shared/_menu.html.haml (2.0ms)
Rendered admin/sessions/new.html.haml within layouts/admin (134.9ms)
Completed 200 OK in 182ms (Views: 139.2ms | ActiveRecord: 0.0ms)
I had a similar problem recently, and it was because I had played with the session cookie. I had played with the domain and set it to :domain => :all in "initializers/session_store.rb". As a result of this, login stopped working in the development environment.
If you have made any changes to session_store.rb then probably you need to revert those changes and see if things start working again. If that is the case then you can define the session store based on the environment:
if Rails.env.production?
  Appname::Application.config.session_store :cookie_store, {:key => '_cookie_name', :domain => :all}
else
  Appname::Application.config.session_store :cookie_store, :key => '_cookie_name'
end
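To check whether the session cookie actually survives the round trip, which is what the question asks how to debug and what the :domain change above affects, a small Rack middleware can record it per request. This is an added example, not code from the thread or from Devise; the class name SessionCookieTracer is hypothetical, and the cookie name passed in is assumed to match the :key in session_store.rb.

```ruby
# Added example: per request, record whether the browser sent the session
# cookie and whether the response issued it (and with which Domain attribute).
# Only cookie names and the Domain attribute are recorded, never cookie values.
class SessionCookieTracer
  attr_reader :events

  # key: session cookie name (assumed to match :key in session_store.rb)
  def initialize(app, key, logger = nil)
    @app, @key, @logger, @events = app, key, logger, []
  end

  def call(env)
    sent = cookie_names(env['HTTP_COOKIE']).include?(@key)
    status, headers, body = @app.call(env)
    issued = set_cookie_lines(headers).find { |c| c.start_with?("#{@key}=") }
    event = {
      :request => "#{env['REQUEST_METHOD']} #{env['PATH_INFO']}",
      :host    => env['HTTP_HOST'],
      :status  => status,
      :sent    => sent,
      :issued  => !issued.nil?,
      :domain  => issued && issued[/;\s*domain=([^;]+)/i, 1]
    }
    @events << event
    @logger.info("[session-trace] #{event.inspect}") if @logger
    [status, headers, body]
  end

  # Requests that arrived without the cookie right after a response issued it:
  # the browser rejected or dropped it (for example a Domain that does not
  # match the host), so the next authentication filter sees no session.
  def dropped
    @events.each_cons(2).select { |prev, cur| prev[:issued] && !cur[:sent] }
           .map { |_, cur| cur }
  end

  private

  def cookie_names(header)
    header.to_s.split(/;\s*/).map { |pair| pair.split('=', 2).first }
  end

  # Set-Cookie is a newline-joined String in older Rack and an Array in newer.
  def set_cookie_lines(headers)
    value = headers['Set-Cookie'] || headers['set-cookie']
    value.is_a?(Array) ? value : value.to_s.split("\n")
  end
end
```

In a development environment it can be mounted with config.middleware.insert_before ActionDispatch::Cookies, SessionCookieTracer, '_cookie_name', Rails.logger so that it sees the Set-Cookie header written further down the stack. The events list grows without bound, so keep it out of production.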
Okay, after 2 days of fumbling around I finally found the answer.
Another error appeared simultaneously, but at first I didn't make the connection. The error was that when a user wanted to log out, Devise tried to delete a session cookie and used the configuration for my session store to find out where my app stores session cookies. Now I use an "app config" like this and redis-store for my sessions. My session store configuration looked like this:
MyApp::Application.config.session_store :redis_session_store, AppConfig.redis
AppConfig.redis looks something like:
{ :port => 123, :namespace => 'foo' }
Problem with this is that AppConfig.redis is an ActiveSupport::HashWithIndifferentAccess, not a Hash. At some point someone tries to call symbolize_keys! on it and it fails because ActiveSupport::HashWithIndifferentAccess doesn't have that method.
Long story short: I changed AppConfig.redis to AppConfig.redis.to_hash and everything started working again. The problem that prevented me from logging in apparently was that a session cookie for my user still existed. (Or does anybody have a better explanation?) Still weird that Devise doesn't either throw a proper exception or just overwrite the session cookie.
I would start debugging at the exact spot where your controller tries to authenticate the user. It "feels" like this is where things might have gone wrong.
In our devise based app it's in the controller:
before_filter :authenticate_user!