Clearance gem queries for users too many times

[vikrammishra333]

I am using clearance gem for authentication purpose and it is working very much fine. But, the problem with it I found is, it slows down the application. By taking a closer look at this, I found that it fetches user for each and every assets(JavaScripts, CSS and images) requested for the page.

Can anyone suggest me what can be the work around for this?

Thanks in Advance

[croaky]

You will see one SQL SELECT into the users table per HTTP request. You may also see in your logs many requests to assets, especially in development, which is how Rails normally works.

I believe everything in Clearance and Rails is working as intended. Please provide logs if you're seeing something different.

[vikrammishra333]

Hi Croaky,

Thanks for your response. Unlike clearance, in devise gem we do not see the SQL SELECT into the users table.Please see the log below.

       Started GET "/assets/application.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /application.css - 304 Not Modified (14ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/colorbox.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /colorbox.css - 304 Not Modified (3ms)
      �[1m�[36mUser Load (7.0ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/dataTables/jquery.dataTables.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /dataTables/jquery.dataTables.css - 304 Not Modified (125ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/jquery.ui.core.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.core.css - 304 Not Modified (13ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/jquery.ui.theme.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.theme.css - 304 Not Modified (10ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap_and_overrides.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap_and_overrides.css - 304 Not Modified (4ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/jquery.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.js - 304 Not Modified (11ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/jquery_ujs.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery_ujs.js - 304 Not Modified (8ms)
      �[1m�[36mUser Load (0.2ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap.css - 304 Not Modified (3ms)
      �[1m�[35mUser Load (0.2ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/jquery.ui.datepicker.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.datepicker.css - 304 Not Modified (43ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/jquery.ui.core.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.core.js - 304 Not Modified (12ms)
      �[1m�[35mUser Load (0.2ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/jquery.ui.widget.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.widget.js - 304 Not Modified (15ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/jquery.ui.mouse.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.mouse.js - 304 Not Modified (14ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/jquery.ui.slider.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.slider.js - 304 Not Modified (27ms)
      �[1m�[36mUser Load (2.0ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/dataTables/jquery.dataTables.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /dataTables/jquery.dataTables.js - 304 Not Modified (6ms)
      �[1m�[35mUser Load (0.2ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/testDividend.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /testDividend.js - 200 OK (2ms)
      �[1m�[36mUser Load (0.2ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/jquery.ui.datepicker.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /jquery.ui.datepicker.js - 304 Not Modified (109ms)
      �[1m�[35mUser Load (0.7ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/colorbox.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /colorbox.js - 304 Not Modified (3ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/common.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /common.js - 304 Not Modified (2ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/companyDataTable.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /companyDataTable.js - 304 Not Modified (2ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/investorDataTable.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /investorDataTable.js - 304 Not Modified (2ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap-transition.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap-transition.js - 304 Not Modified (9ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap-alert.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap-alert.js - 304 Not Modified (32ms)
      �[1m�[35mUser Load (0.4ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap-button.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap-button.js - 304 Not Modified (20ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap-carousel.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap-carousel.js - 304 Not Modified (8ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap-dropdown.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:35 +0530
    Served asset /bootstrap-dropdown.js - 304 Not Modified (32ms)
      �[1m�[36mUser Load (7.3ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap-collapse.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-collapse.js - 304 Not Modified (8ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap-modal.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-modal.js - 304 Not Modified (9ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap-scrollspy.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-scrollspy.js - 304 Not Modified (18ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap-tab.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-tab.js - 304 Not Modified (17ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap-tooltip.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-tooltip.js - 304 Not Modified (13ms)
      �[1m�[35mUser Load (1.0ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap-popover.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-popover.js - 304 Not Modified (19ms)
      �[1m�[36mUser Load (0.2ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/bootstrap-typeahead.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap-typeahead.js - 304 Not Modified (11ms)
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /bootstrap.js - 304 Not Modified (52ms)
      �[1m�[36mUser Load (6.7ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/application.js?body=1" for 127.0.0.1 at 2012-11-26 12:36:36 +0530
    Served asset /application.js - 304 Not Modified (152ms)
      �[1m�[35mUser Load (0.2ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/bootstrap_and_overrides.css?body=1" for 127.0.0.1 at 2012-11-26 12:36:37 +0530
    Served asset /bootstrap_and_overrides.css - 304 Not Modified (1ms)
      �[1m�[36mUser Load (0.2ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m


    Started GET "/assets/dataTables/sort_asc.png" for 127.0.0.1 at 2012-11-26 12:36:37 +0530
    Served asset /dataTables/sort_asc.png - 304 Not Modified (34ms)
      �[1m�[35mUser Load (0.3ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1


    Started GET "/assets/dataTables/sort_both.png" for 127.0.0.1 at 2012-11-26 12:36:37 +0530
    Served asset /dataTables/sort_both.png - 304 Not Modified (3ms)
      �[1m�[36mUser Load (0.1ms)�[0m  �[1mSELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1�[0m
    Connecting to database specified by database.yml


    Started GET "/blog/feed.rss" for 127.0.0.1 at 2012-11-26 12:49:07 +0530
      �[1m�[35mUser Load (0.1ms)�[0m  SELECT `users`.* FROM `users` WHERE `users`.`remember_token` = 'e1624ab80ed6b42dad4bebe4568ca2f58186751b' LIMIT 1

Thanks

[croaky]

@vikrammishra333 I'm not sure how to avoid the SQL SELECTs or how Devise gets around finding your user for each HTTP request.

I don't recommend serving assets through your Rails app. Give asset_sync a try.

[jferris]

It's querying for the user even when the user isn't necessary for the request. Some of the above log entries are assets in development, which certainly don't need the current user. I think I introduced this regression when moving logic into Rack middleware.

This attempts to add the current user's remember token after each request: https://github.com/thoughtbot/clearance/blob/master/lib/clearance/rack_session.rb#L11

However, it doesn't check to see if the user has already been loaded before setting the cookie: https://github.com/thoughtbot/clearance/blob/master/lib/clearance/session.rb#L10

I think we could fix this by grabbing the remember token from HTTP_COOKIE when the current user hasn't been loaded yet. The only time HTTP_COOKIE wont' match current_user is when the user has just signed in, so we can override that when sign_in is called.

[derekprior]

From what I see in the issue list, this is the only thing I would consider to be blocking 1.0.0 final. Agree @gylaz, @croaky?

I'm not having much luck with fixing it.

[croaky]

@derekprior Agree.

[gylaz]

Fixed in 9d2f949