Login issue
davidpatters0n opened this issue
There's an issue with the sessions. Seems that when you register it logs you in. But the moment you log out and attempt to log back in with the same credentials it fails. I have posted the log below:
Started GET "/record.json" for 127.0.0.1 at 2014-01-09 10:40:57 +0000
Processing by RecordController#index as JSON
Completed 401 Unauthorized in 0ms
Started POST "/login" for 127.0.0.1 at 2014-01-09 10:41:08 +0000
Processing by SessionsController#create as HTML
Parameters: {"user"=>{"email"=>"dpaterson@hotmail.com", "password"=>"[FILTERED]"}, "session"=>{"user"=>{"email"=>"dpaterson@hotmail.com", "password"=>"[FILTERED]"}}}
WARNING: Can't verify CSRF token authenticity
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'dpatterson2008@hotmail.com' LIMIT 1
(0.1ms) begin transaction
(0.2ms) UPDATE "users" SET "current_sign_in_at" = '2014-01-09 10:41:08.750671', "sign_in_count" = 2, "updated_at" = '2014-01-09 10:41:08.751317' WHERE "users"."id" = 1
(156.2ms) commit transaction
Completed 200 OK in 232ms (Views: 1.2ms | ActiveRecord: 156.8ms)
Started GET "/record.json" for 127.0.0.1 at 2014-01-09 10:41:08 +0000
Processing by RecordController#index as JSON
Completed 401 Unauthorized in 1ms
Hm ok I'll try to recreate this and see what's going on.
Any news on this issue?
Yup, I spent some time looking into this and I found someone else having the same issue: http://stackoverflow.com/questions/11845500/rails-devise-authentication-csrf-issue
So based on the answers there, I realized I had to manually set the CSRF token after the user logs out. So now that's what I'm doing and the problem has been resolved.
As an alternative you can just set skip_before_filter :verify_authenticity_token, which works too but is not very secure.
Anyway thanks for bringing this up!
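Why the log above shows a 200 on POST /login followed by a 401 on /record.json, and why refreshing the token after logout fixes it, as an added example that is not part of the original thread or the project's code. It is a plain-Ruby toy model: ToyServer, replay and the credentials are constructed, and it assumes a request that fails CSRF verification is handled with a session that is never persisted.

```ruby
require 'securerandom'

# Toy model, constructed for illustration (not Rails or Devise code).
class ToyServer
  def initialize(users)
    @users = users      # email => password
    @sessions = {}      # session id => { csrf: token, user: email or nil }
  end

  # Any page load: start a session and hand its CSRF token to the client.
  def open_session
    sid = SecureRandom.hex(8)
    @sessions[sid] = { csrf: SecureRandom.hex(16), user: nil }
    [sid, @sessions[sid][:csrf]]
  end

  # POST /login. Assumption: a request whose token does not verify is run
  # against a throwaway session, so the sign-in is never persisted.
  def login(sid, token, email, password)
    session = @sessions[sid]
    verified = session && session[:csrf] == token # real code compares in constant time
    target = verified ? session : { user: nil }
    return 401 unless @users.key?(email) && @users[email] == password
    target[:user] = email
    200
  end

  # Logout resets the session, which also replaces the CSRF token.
  def logout(sid)
    @sessions.delete(sid)
    open_session
  end

  # GET /record.json: 200 only if the stored session has a signed-in user.
  def record(sid)
    @sessions.dig(sid, :user) ? 200 : 401
  end
end

# Replays login, logout, login, fetch. The cookie (sid) always follows the
# server; only the token held by the already-loaded page can go stale.
def replay(refresh_token_after_logout)
  server = ToyServer.new('user@example.test' => 'constructed-password')
  sid, token = server.open_session
  server.login(sid, token, 'user@example.test', 'constructed-password')
  sid, fresh = server.logout(sid)
  token = fresh if refresh_token_after_logout
  [server.login(sid, token, 'user@example.test', 'constructed-password'), server.record(sid)]
end
```

`replay(false)` reproduces the reported sequence (login answers 200, the next fetch answers 401), while `replay(true)` keeps CSRF verification enabled and stays signed in.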