Inconsistent credentials cookie behaviour about authlogic HOT 6 CLOSED

@sthyregod you'd put this in your session model. Could do something like this:

class UserSession < Authlogic::Session::Base
  secure !!Rails.application.config.force_ssl
end

(NB I think force_ssl will be removed in Rails 6.1)

from authlogic.

.. having it mentioned in the Readme might help ..

PRs welcome

from authlogic.

Firefox on local network does not create credentials cookie when 'remember_me' is ticked. Login is thus not remembered cross-session.

Assuming your development is non-HTTPS, have you tried disabling SSL-only remember-me cookies for development? e.g. UserSession.secure = false

from authlogic.

The behaviour is the same as before as far as I can see. I believe the line should be inserted into the app/config/environments/development.rb file? I'm new to Rails from C# MVC, so I'm not completely accustomed to the structure yet.

I came to think, I expect having two separate Session models wouldn't interfere with eachother, e.g. creating the mentioned problem. For example having a CustomerSession for a Customer model and a UserSession for a User model.

from authlogic.

That does it! Credentials cookie is set as expected and when destroying the session the cookie is successfully deleted.

Question is, should anything be done to help others who might become stuck with the same problem? Maybe it's a niche problem, but having it mentioned in the Readme might help (along with what's necessary in 6.1 - of what I saw when looking it up they'd only remove force_ssl on the controller level though. It should still work on the application level).

from authlogic.

👏 for @tiegz's solution above. Had the same issue when debugging locally and not running a dev server with ssl. Consider adding a note to the README.

from authlogic.