I'm having a bit of an issue with the Sorcery gem. When I log in to my app, the controller successfully logs in that the, and then redirects me to another page (I can be sure the login credentials are correct, as if they are not the login page action is rendered instead of the redirection taking place). However, when the app tries to load this page, Sorcery's requires_login method fails, as current_user returns false (which then triggersnot_authenticated and boots me back to the front page).
This is only happening in production, if I run the site in development, everything works fine. I've tried removing all the other before_filters that get run, and still get the same problem, so it's not something there.
Log in is handled by the following controller action (I don't think there's anything in there that is responsible, but just in case):
# user_sessions_controller.rb
def create
logout
@user = login(params[:email], params[:password])
if @user
@user.assign_locale(params[:locale])
flash[:success] = "Log in successful."
if can? :read, Organisation
redirect_to some_path
else
redirect_to another_path
end
else
flash.now[:error] = "Unrecognised email/password combination"
render "new"
end
end
This was a problem entirely of my own creation. I was testing production on my own machine, without ssl, and had
secure: Rails.env.production?
set as one of my session_store options, meaning the cookies required by Sorcery were not being served.