I'm working on an application that creates several dummy accounts for a legal case. These accounts do not have a username/password, but instead a 4 digit access code that coupled with the case number allows them to login. I was using the Session.create method after finding an account by the access code & matching case:
@account = Account.find_by_access_code(params[:account][:access_code])
@case = Case.find_by_justice_system_number(params[:case][:justice_system_number])
if @account && @case && @account.cases.include?(@case)
However, a few errors occur - the persistence_token is not set & the session is not saved server side. So when Session.find is called, it cannot find the account:
Account Load (0.5ms) SELECT `accounts`.* FROM `accounts` WHERE `accounts`.`id` = 53 LIMIT 1
Account Load (0.5ms) SELECT `accounts`.* FROM `accounts` WHERE `accounts`.`persistence_token` = 53 LIMIT 1
The second line above is particularly odd, it seems to be falling back to using the ID as persistence_token. The workaround is to use
@session = Session.new(@account)
instead - which correctly sets the persistence_token and saves the session server side.
I could be misunderstanding the purpose of Session.create, so maybe this is how it is meant to work. Regardless, I hope this helps anyone having similar issues.