Rails 3 Authlogic sessions not persisting in production
I just ran into a rather hard to track down issue with Authlogic and Rails 3. After upgrading an old app to Rails 3, in production, the sessions wouldn’t persist, but everything worked fine in development mode. After much searching it turns out that there’s an issue with using Rails 3, Authlogic, and HTTP auth together. I had put up HTTP basic auth in Nginx to prevent the site from getting seen by random people or web crawlers. When the app was a Rails 2 app, there was no issue, in fact the Rails app shouldn’t even have known about the HTTP auth since I was doing it in Nginx, not Rails. Not sure why this is a problem with this Rails/Authlogic/HTTP combination, but anyways, the fix was to add this one-liner to your UserSession model
1
2
3
class UserSession < Authlogic::Session::Base
allow_http_basic_auth false
end
Comments