rails devise sign_in doesn't work on redirect

Question

I have this method:

  def update
    @user = User.find(params[:id])
    respond_to do |format|
      if @user.update_attributes(params[:user])
        if params[:mypmnode]
          session[:return_to] = projects_pmnode_path(params[:mypmnode])
          sign_in(@user)
        end
        format.html { redirect_to(session[:return_to], :notice => 'User was successfully updated.') }
        format.xml  { head :ok }
      else
        @create_company = true if params[:user][:company_id].blank? and  params[:user][:company_attributes].length > 0
        @create_department = true if params[:user][:department_id].blank? and  params[:user][:department_attributes].length > 0
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

The idea is that if the user is updated, He is automatically signed-in and redirected to a page where authentication is required.

In this page, I have: before_filter :authenticate_user!

This doesn't work on redirect.

If I then go to another page making use of this sign_in function, then the user logs-in correctly.

Any idea why redirect doesn't work? Thx!

UPDATE:

to make it clearer, I insert the second page code (controller):

class PmnodesController < Projects::BaseController

  before_filter authenticate_user!

  def index
    @pmnodes = Pmnode.all
    respond_to do |format|
      format.html 
    end
  end

Answer 1

If the password is updated on @user, devise will invalidate the session. After the update_attributes, you could try calling sign_out first.

sign_out(@user)
sign_in(@user)

Answer 2

Are you sure that your progam goes inside this blog

if params[:mypmnode]
      session[:return_to] = projects_pmnode_path(params[:mypmnode])
      sign_in(@user)
end

if not this should sign in your use automatically.

def update
    @user = User.find(params[:id])
    respond_to do |format|
  if @user.update_attributes(params[:user])
    if params[:mypmnode]
      session[:return_to] = projects_pmnode_path(params[:mypmnode])

    end
    sign_in(@user)

    format.html { redirect_to(session[:return_to], :notice => 'User was successfully updated.') }
    format.xml  { head :ok }
  else
    @create_company = true if params[:user][:company_id].blank? and  params[:user][:company_attributes].length > 0
    @create_department = true if params[:user][:department_id].blank? and  params[:user][:department_attributes].length > 0
    format.html { render :action => "edit" }
    format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
  end
end
end

Answer 3

I had a similar problem:

I had a controller method that created and signed in a user

def new
  @user = User.create!
  sign_in @user
  redirect_to some_nondefault_path
end

where some_nondefault_path required authentication. The new action did not require authentication. The user was getting created and signed in, but the user session wasn't persisting and the user was getting 401-unauthorized and redirected to the signin page instead of some_nondefault_path.

I ended up solving it by adding

skip_before_filter :verify_authenticity_token, :only => :new

to the first controller. It seemed to be trying to verify the CSRF token before creating the user session, which was failing and blocking the creation of a normal user session (even though it wasn't trying to authenticate_user! ).

Hope this helps!