Devise: Remember me confusion

Created on 17 Aug 2014  路  7Comments  路  Source: heartcombo/devise

There seems to be some confusion on how to get remember me working with Omniauth.

According to this wiki, you need to have the following in your OmniauthCallbacksController:

remember_me(user)

On the other hand, according to this issue, you just need to do this:

user.remember_me = true

In addition, making remember_me default to true according to this, you just need to add the following to your User.rb

def remember_me
  true
end

Not sure which one is the official answer, and all three doesn't work for me. It only works for Chrome on Mac, but doesn't for Firefox Mac & Chrome Windows. Not sure what is going on.

My code looks like this:

# -*- encoding : utf-8 -*-
class OmniauthCallbacksController < Devise::OmniauthCallbacksController

    include Devise::Controllers::Rememberable

    def all
        omniauth = request.env["omniauth.auth"]
        auth = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
        if auth

            auth.update_with_omniauth omniauth
            auth.save!

            # ???
            remember_me auth.user
            auth.user.remember_me = true

            if user_signed_in?
                redirect_back_or settings_path(current_user)
            else
                sign_in_and_redirect auth.user, event: :authentication
            end
        else
            if user_signed_in?
                current_user.build_auth(omniauth).save!
                redirect_back_or settings_path(current_user)
            else
                session["devise.omniauth"] = omniauth.except('extra')
                redirect_to new_user_registration_url
            end
        end
    end

    alias_method :facebook, :all
    alias_method :twitter, :all

end
picture jonathanng

Most helpful comment

I had issues with this as well. It turns out I was blindly setting the secure flag, which means the cookie is not available in development. The solution was to edit config/initializers/devise.rb, changing config.rememberable_options = { secure: true } to config.rememberable_options = { secure: Rails.env.production? } After that, it's working like a charm. I only used remember_me(@user) in my OmniAuth callbacks controller. No remember token is needed.

picture agorf on 12 Jan 2018
👍3

All 7 comments

The first option is the correct one. The other two simply set the default value of the field to true, which means it will be automatically remembered whenever the first one is called.

If it works in some browsers or not, it is likely a browser issue because the server is definitely sending the proper cookies. Try to confirm if the cookie is indeed correct and find out if the browser is storing it properly.

josevalim picture josevalim on 17 Aug 2014
👍1

Thanks!

jonathanng picture jonathanng on 17 Aug 2014

That solution is not working for me in any browser. Here's my controller code:

class People::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  include Devise::Controllers::Rememberable

  def github
    @person = Person.from_omniauth(request.env["omniauth.auth"])

    if @person.persisted?
      remember_me(@person)

      sign_in_and_redirect @person, :event => :authentication
      set_flash_message(:notice, :success, :kind => "GitHub") if is_navigational_format?
    else
      session["devise.github_data"] = request.env["omniauth.auth"]
      redirect_to new_person_registration_url
    end
  end

end

I'm on Ruby 2.1.2, Rails 4.1.5, Devise 3.3.0. Am I doing it wrong? Any ideas?

taddgiles picture taddgiles on 28 Aug 2014

This also is not working for me either. Any ideas? My code is basically the same as @taddgiles above.

I should note however that there is no remember_token in the DB nor is the password set (as this is an omniauth login only application)鈥撀爄s that a problem in this case/for this solution?

krnjn picture krnjn on 17 Sep 2014

I have the same issue as @taddgiles and @krnjn.

I noticed that the cookie is created when signing up with omni-auth but it disappears when closing/opening the browser.

So far, I solved this problem by setting config.expire_all_remember_me_on_sign_out = false, but I get the feeling that this is not a good practice/solution (although everything works fine: both login and logout).

Is there any other way to do this?

anpa picture anpa on 17 Apr 2015

it works for me but I do have remember_token in model's table

krzcho picture krzcho on 30 Oct 2015

I had issues with this as well. It turns out I was blindly setting the secure flag, which means the cookie is not available in development. The solution was to edit config/initializers/devise.rb, changing config.rememberable_options = { secure: true } to config.rememberable_options = { secure: Rails.env.production? } After that, it's working like a charm. I only used remember_me(@user) in my OmniAuth callbacks controller. No remember token is needed.

agorf picture agorf on 12 Jan 2018
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ragesoss picture ragesoss  路  3Comments
clay-f picture clay-f  路  3Comments
afuno picture afuno  路  3Comments
JanBussieck picture JanBussieck  路  3Comments
Gorchel picture Gorchel  路  3Comments