Devise: wrong number of arguments (3 for 2)` in `serialize_from_cookie`

Can you please provide a sample application that reproduces the error?

I'm not sure how to reproduce it manually I've tried, it's somewhere inside Devise and only happens sometimes. Has something to do with the session.

We're also encountering this issue: I can't give reproduction notes at the moment, but we just downgraded from 3.5.6 to 3.5.1 due to a change in token generation in 3.5.2 that broke user confirmation in our app. At that point, we started seeing the same stack trace that @TrevorHinesley is reporting.

If you downgrade, then you will have Devise 3.5.3 cookies in your clients, which will break when downgraded. I would recommend to continue running on latest Devise and bring the confirmation feature up to date as well.

@josevalim thanks for the suggestion, I'll look into it. Possibly @TrevorHinesley also encountered this issue by traversing versions?

Im facing the exact same problem according to the error backtrace. I recently installed capistrano for my app. During this process, I cloned the app from the repository from scratch. Ever since, this error shows up. I tried to change the cookie session_store key but the error persists. I noticed a splat operator in the authenticate! function...which explains why 3 instead of 2 arguments are received, but I am at a loss, how 3 arguments are present, when the cookie shouldn't return anything. I did not traverse any devise versions and as soon as I use the app directory without the capistrano installation, the error disappears.

A few more infos on this error. It is strange, because it only happens to about 3% of the users. Most of the requests are handled as expected. Users are redirected after the failed authentication. Some however, run into the 500 due to the wrong number of arguments. I have searched through the logs, and every user that received the error had a "remember_user_token" key in their http cookie. This key only shows up as a default parameter. I am using Devise 3.5.3 and will update to 3.5.6 today. I hope it does something.
Here's a backtrace:

F, [2016-04-17T22:51:49.180901] FATAL -- :
ArgumentError (wrong number of arguments (3 for 2)):
devise (3.5.3) lib/devise/models/rememberable.rb:124:in serialize_from_cookie' devise (3.5.3) lib/devise/strategies/rememberable.rb:20:inauthenticate!'
warden (1.2.4) lib/warden/strategies/base.rb:53:in _run!' warden (1.2.4) lib/warden/proxy.rb:358:inblock in _run_strategies_for'
warden (1.2.4) lib/warden/proxy.rb:353:in each' warden (1.2.4) lib/warden/proxy.rb:353:in_run_strategies_for'
warden (1.2.4) lib/warden/proxy.rb:323:in _perform_authentication' warden (1.2.4) lib/warden/proxy.rb:127:inauthenticate!'
devise (3.5.3) lib/devise/controllers/helpers.rb:116:in authenticate_user!' activesupport (4.2.4) lib/active_support/callbacks.rb:432:inblock in make_lambda'
activesupport (4.2.4) lib/active_support/callbacks.rb:164:in call' activesupport (4.2.4) lib/active_support/callbacks.rb:164:inblock in halting'
activesupport (4.2.4) lib/active_support/callbacks.rb:504:in `call'

I'm happy to inform you, that an update to devise 3.5.6 resolved the issue!

@TrevorHinesley @adamnbowen Can you confirm if you update Devise to 3.5.7 solve the issue?
@TrevorHinesley Which version are you using? Did you try to update the gem?

I'm closing this issue. Feel free to reopen if the problem persists and when you have more information in how to reproduce the problem.

same problem here from devise 3.5.3 to 4.2.0

I came across this issue when I was working on a legacy application which was running devise v3.5.1. This was only happening on Chrome for me. I realised that I was working on another rails app which had devise v4.2.0. What was happening was the cookie stored by v4.2.0 was being read by v3.5.1.

Since serialize_from_cookie now takes variable length arguments in v4.2.0 instead of just 2 in v3.5.1, the method throws an error.

Usually this should not happen as different apps will have different secret key to sign the cookie, but both my apps were using same secret key in secret_key_base. I fixed this issue by changing the secret key in v3.5.1 app.

This can happen when you are upgrading devise from v3 to v4, your cookies written from older devise will be read by new devise, resulting in an error. To fix this please change the secret_key_base for your environments. In order to check if this is the issue, open your app in Incognito mode. If the app loads correctly, this is the issue.

I am still facing this issue with devise version 4.3.0 with Rails 5.1.1

ArgumentError - wrong number of arguments (given 3, expected 2):
devise (4.3.0) lib/devise/models/authenticatable.rb:228:in serialize_from_session' devise (4.3.0) lib/devise.rb:478:inblock (2 levels) in configure_warden!'
warden (1.2.7) lib/warden/session_serializer.rb:35:in fetch' warden (1.2.7) lib/warden/proxy.rb:213:inuser'
warden (1.2.7) lib/warden/proxy.rb:323:in _perform_authentication' warden (1.2.7) lib/warden/proxy.rb:105:inauthenticate'
devise (4.3.0) lib/devise/controllers/helpers.rb:124:in current_subscriber' devise (4.3.0) lib/devise/controllers/helpers.rb:120:insubscriber_signed_in?'

Have you tried what I have suggested in my previous comment?

I may be wrong . My problem is with the serialize_from_session, not serialize_from_cookie. I have created a new Issue.