Rails 3 Authlogic sessions not persisting in production

I just ran into a rather hard to track down issue with Authlogic and Rails 3. After upgrading an old app to Rails 3, in production, the sessions wouldn’t persist, but everything worked fine in development mode. After much searching it turns out that there’s an issue with using Rails 3, Authlogic, and HTTP auth together. I had put up HTTP basic auth in Nginx to prevent the site from getting seen by random people or web crawlers. When the app was a Rails 2 app, there was no issue, in fact the Rails app shouldn’t even have known about the HTTP auth since I was doing it in Nginx, not Rails. Not sure why this is a problem with this Rails/Authlogic/HTTP combination, but anyways, the fix was to add this one-liner to your UserSession model

1
2
3
class UserSession < Authlogic::Session::Base
  allow_http_basic_auth false
end

Comments

Magesh September 25, 2011 at 12:46 am
Thankyou so much, i was banging my head with this problem for the past 3 days, now i got it fixed! phew! Thanks for the blog post :)
Tania October 5, 2011 at 6:32 am
Thanks! I was starting to think about saying goodbye to authlogic but you saved my life! thanks!
Robin Fisher November 12, 2011 at 7:55 am
Thanks so much. I was having the same problem.