ruby-on-railsruby-on-rails-4devisecsrfrails-api

devise user sign_in gives authentication error for CSRF token authenticity token

I am using devise (latest version - 3.2.0) with rails (latest version - 4.0.1)

I'm doing simple authentication (without ajax or api) and getting an error for CSRF authenticity token. Check the POST request below

started POST "/users/sign_in" for 127.0.0.1 at 2013-11-08 19:48:49 +0530
Processing by Devise::SessionsController#create as HTML

 Parameters: {"utf8"=>"✓",    
 "authenticity_token"=>"SJnGhXXUXjncnPhCdg3muV2GYCA8CX2LVFV78pqddD4=", "user"=> 
{"email"=>"a@a.com", "password"=>"[FILTERED]", "remember_me"=>"0"},
"commit"=>"Sign in"}

Can't verify CSRF token authenticity
 User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."email" =  
'a@a.com' LIMIT 1
(0.1ms)  begin transaction
SQL (0.4ms)  UPDATE "users" SET "last_sign_in_at" = ?, "current_sign_in_at" = ?,
"sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = 2  [["last_sign_in_at", Fri,
08 Nov 2013 14:13:56 UTC +00:00], ["current_sign_in_at", Fri, 08 Nov 2013 14:18:49 UTC
+00:00], ["sign_in_count", 3], ["updated_at", Fri, 08 Nov 2013 14:18:49 UTC +00:00]]
(143.6ms)  commit transaction
Redirected to http://localhost:3000/
Completed 302 Found in 239ms (ActiveRecord: 144.5ms | Search: 0.0ms)

The root url points to home#new, which is like

class HomeController < ApplicationController
   before_action :authenticate_user!
   def index
   end
end

Sign_in page generated html view is like:

The authentication request even updates the last_sign_in_at and sign_in_count values, but when I try to access current_user in controller it comes as nil.

According to me it is not actually signing in user. But then question comes "why it is updating last_sign_in_at/sign_in_count value in the user table ?"

Solution

  • There was no problem with devise gem . I removed 'rails-api' gem and my app started working.