Remember me confusion

[jonathanng]

There seems to be some confusion on how to get remember me working with Omniauth.

According to this wiki, you need to have the following in your OmniauthCallbacksController:

remember_me(user)

On the other hand, according to this issue, you just need to do this:

user.remember_me = true

In addition, making remember_me default to true according to this, you just need to add the following to your User.rb

def remember_me
  true
end

Not sure which one is the official answer, and all three doesn't work for me. It only works for Chrome on Mac, but doesn't for Firefox Mac & Chrome Windows. Not sure what is going on.

My code looks like this:

# -*- encoding : utf-8 -*-
class OmniauthCallbacksController < Devise::OmniauthCallbacksController

    include Devise::Controllers::Rememberable

    def all
        omniauth = request.env["omniauth.auth"]
        auth = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
        if auth

            auth.update_with_omniauth omniauth
            auth.save!

            # ???
            remember_me auth.user
            auth.user.remember_me = true

            if user_signed_in?
                redirect_back_or settings_path(current_user)
            else
                sign_in_and_redirect auth.user, event: :authentication
            end
        else
            if user_signed_in?
                current_user.build_auth(omniauth).save!
                redirect_back_or settings_path(current_user)
            else
                session["devise.omniauth"] = omniauth.except('extra')
                redirect_to new_user_registration_url
            end
        end
    end

    alias_method :facebook, :all
    alias_method :twitter, :all

end

[josevalim]

The first option is the correct one. The other two simply set the default value of the field to true, which means it will be automatically remembered whenever the first one is called.

If it works in some browsers or not, it is likely a browser issue because the server is definitely sending the proper cookies. Try to confirm if the cookie is indeed correct and find out if the browser is storing it properly.

[jonathanng]

Thanks!

[taddgiles]

That solution is not working for me in any browser. Here's my controller code:

class People::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  include Devise::Controllers::Rememberable

  def github
    @person = Person.from_omniauth(request.env["omniauth.auth"])

    if @person.persisted?
      remember_me(@person)

      sign_in_and_redirect @person, :event => :authentication
      set_flash_message(:notice, :success, :kind => "GitHub") if is_navigational_format?
    else
      session["devise.github_data"] = request.env["omniauth.auth"]
      redirect_to new_person_registration_url
    end
  end

end

I'm on Ruby 2.1.2, Rails 4.1.5, Devise 3.3.0. Am I doing it wrong? Any ideas?

[krnjn]

This also is not working for me either. Any ideas? My code is basically the same as @taddgiles above.

I should note however that there is no remember_token in the DB nor is the password set (as this is an omniauth login only application)– is that a problem in this case/for this solution?

[anpa]

I have the same issue as @taddgiles and @krnjn.

I noticed that the cookie is created when signing up with omni-auth but it disappears when closing/opening the browser.

So far, I solved this problem by setting config.expire_all_remember_me_on_sign_out = false, but I get the feeling that this is not a good practice/solution (although everything works fine: both login and logout).

Is there any other way to do this?

[krzcho]

it works for me but I do have remember_token in model's table

[agorf]

I had issues with this as well. It turns out I was blindly setting the secure flag, which means the cookie is not available in development. The solution was to edit config/initializers/devise.rb, changing config.rememberable_options = { secure: true } to config.rememberable_options = { secure: Rails.env.production? } After that, it's working like a charm. I only used remember_me(@user) in my OmniAuth callbacks controller. No remember token is needed.

[Rabin-Kalikote]

I had issues with this as well. It turns out I was blindly setting the secure flag, which means the cookie is not available in development. The solution was to edit config/initializers/devise.rb, changing config.rememberable_options = { secure: true } to config.rememberable_options = { secure: Rails.env.production? } After that, it's working like a charm. I only used remember_me(@user) in my OmniAuth callbacks controller. No remember token is needed.

It raises the following error without remember token.
"authenticatable_salt returned nil for the User model. In order to use rememberable, you must ensure a password is always set or have a remember_token column in your model or implement your own rememberable_value in the model with custom logic."

[pil0u]

For the record, I only had the :omniauthable module activated on one of my project. Here are the steps I had to follow to make it work:

• add the :rememberable module on my User
• run a migration to add both remember_created_at (as a datetime column) and remember_token (as a text column) to my users
• add the include Devise::Controllers::Rememberable module in my OmniauthCallbacksController
• add the remember_me(@user) in the controller as well, if the user is persisted

It is so hard to find a clear explanation of this that I'm sure I'll thank my future self for this comment.