Rails 5 + Devise: ActionController::InvalidAuthenticityToken

Question

I created a new app with Rails 5 and Devise, set the authentication and everything was working well for a few weeks.

Today, I tried to log in on the production server and got this error:

ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken

After some googling, I found out that I need to do this change:

class ApplicationController < ActionController::Base
  #protect_from_forgery with: :exception # because of Devise + Rails 5 behavior
  protect_from_forgery prepend: true  

  def after_sign_in_path_for(resource_or_scope)
    my_listings_path
  end

  def after_sign_out_path_for(resource_or_scope)
    root_path
  end  
end

After this change and deploy on the production server, I try to log in - and error. But a different one - now the app redirects me on my_listings_path (which is all correct), but the problem is that I get this error:

NoMethodError: undefined method `listings' for nil:NilClass

So I look what is the problem here, and:

@listings = current_user.listings.order('id DESC')

which means that current_user is empty ( nil ) -- how come? Also, I have in the <head> tag on the website this:

 <%= csrf_meta_tags %>

Another note - on localhost, everything is working well, but on the production server I am keep getting those error messages.

Any advise?

Thank you!

Answer 1

You need to set before_action :authenticate_user! in your controller if you want current_user to work. I'm guessing that the reason it's working on localhost for you, is because you somehow have the current_user set in your session. I don't think it works if you try in incognito.