heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License

Devise session not working on Android tablet #3194

Closed powermike closed 9 years ago

powermike commented 10 years ago

Hi,

Something very weird is happening to my app. I'm working on the mobile version, so I test my app on iPhone/iPad/Android phone and Android tablet. Authentication works well on the first three but not on the Android tablet. Even weirder, it works locally on my Mac when I test it with the Android tablet :-(

The app is hosted on Heroku with Memcache to share sessions between dynos.

See the logs for Safari desktop version: screen shot 2014-09-08 at 13 46 00

See the same action logs with the android tablet: screen shot 2014-09-08 at 13 49 13

I updated my gems (bundle update)

Here is my Gemfile.lock

GIT
  remote: git://github.com/bbatsov/rubocop.git
  revision: d78b831fc47eeec610bd339be9a57840a4d78ee1
  specs:
    rubocop (0.26.0)
      astrolabe (~> 1.3)
      parser (>= 2.2.0.pre.4, < 3.0)
      powerpack (~> 0.0.6)
      rainbow (>= 1.99.1, < 3.0)
      ruby-progressbar (~> 1.4)

GIT
  remote: git://github.com/kch/rack-timeout.git
  revision: 83ca9f5141c1fdcb626820b1601c406e3a3a560a
  specs:
    rack-timeout (0.1.0beta2)

GIT
  remote: git://github.com/newrelic/rpm.git
  revision: 2fd6578258c3c4cf4d81c96ac7ff9847a266617e
  specs:
    newrelic_rpm (3.9.3)

GEM
  remote: https://rubygems.org/
  specs:
    actionmailer (4.1.5)
      actionpack (= 4.1.5)
      actionview (= 4.1.5)
      mail (~> 2.5.4)
    actionpack (4.1.5)
      actionview (= 4.1.5)
      activesupport (= 4.1.5)
      rack (~> 1.5.2)
      rack-test (~> 0.6.2)
    actionview (4.1.5)
      activesupport (= 4.1.5)
      builder (~> 3.1)
      erubis (~> 2.7.0)
    active_decorator (0.3.4)
    activemodel (4.1.5)
      activesupport (= 4.1.5)
      builder (~> 3.1)
    activerecord (4.1.5)
      activemodel (= 4.1.5)
      activesupport (= 4.1.5)
      arel (~> 5.0.0)
    activerecord-postgres-hstore (0.7.7)
      activerecord (>= 3.1)
      pg-hstore (>= 1.1.5)
      rake
    activeresource (4.0.0)
      activemodel (~> 4.0)
      activesupport (~> 4.0)
      rails-observers (~> 0.1.1)
    activesupport (4.1.5)
      i18n (~> 0.6, >= 0.6.9)
      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
      thread_safe (~> 0.1)
      tzinfo (~> 1.1)
    addressable (2.3.6)
    airbrake (4.1.0)
      builder
      multi_json
    arel (5.0.1.20140414130214)
    asset_sync (1.1.0)
      activemodel
      fog (>= 1.8.0)
      unf
    ast (2.0.0)
    astrolabe (1.3.0)
      parser (>= 2.2.0.pre.3, < 3.0)
    bcrypt (3.1.7)
    binding_of_caller (0.7.2)
      debug_inspector (>= 0.0.1)
    bond (0.5.1)
    browser (0.6.0)
    builder (3.2.2)
    chronic (0.10.2)
    chunky_png (1.3.1)
    coderay (1.1.0)
    coffee-rails (4.0.1)
      coffee-script (>= 2.2.0)
      railties (>= 4.0.0, < 5.0)
    coffee-script (2.3.0)
      coffee-script-source
      execjs
    coffee-script-source (1.8.0)
    columnize (0.8.9)
    compass (0.12.7)
      chunky_png (~> 1.2)
      fssm (>= 0.2.7)
      sass (~> 3.2.19)
    compass-rails (1.1.0.pre)
      compass (>= 0.12.2, < 0.14)
    connection_pool (2.0.0)
    crack (0.4.2)
      safe_yaml (~> 1.0.0)
    dalli (2.7.2)
    debug_inspector (0.0.2)
    debugger (1.6.8)
      columnize (>= 0.3.1)
      debugger-linecache (~> 1.2.0)
      debugger-ruby_core_source (~> 1.3.5)
    debugger-linecache (1.2.0)
    debugger-ruby_core_source (1.3.5)
    devise (3.3.0)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 3.2.6, < 5)
      thread_safe (~> 0.1)
      warden (~> 1.2.3)
    dotenv (0.11.1)
      dotenv-deployment (~> 0.0.2)
    dotenv-deployment (0.0.2)
    draper (1.3.1)
      actionpack (>= 3.0)
      activemodel (>= 3.0)
      activesupport (>= 3.0)
      request_store (~> 1.0.3)
    erubis (2.7.0)
    excon (0.39.5)
    execjs (2.2.1)
    factory_girl (4.4.0)
      activesupport (>= 3.0.0)
    factory_girl_rails (4.4.1)
      factory_girl (~> 4.4.0)
      railties (>= 3.0.0)
    figaro (0.7.0)
      bundler (~> 1.0)
      rails (>= 3, < 5)
    fog (1.23.0)
      fog-brightbox
      fog-core (~> 1.23)
      fog-json
      fog-softlayer
      ipaddress (~> 0.5)
      nokogiri (~> 1.5, >= 1.5.11)
    fog-brightbox (0.5.0)
      fog-core (~> 1.22)
      fog-json
      inflecto
    fog-core (1.24.0)
      builder
      excon (~> 0.38)
      formatador (~> 0.2)
      mime-types
      net-scp (~> 1.1)
      net-ssh (>= 2.1.3)
    fog-json (1.0.0)
      multi_json (~> 1.0)
    fog-softlayer (0.3.16)
      fog-core
      fog-json
    font-awesome-rails (4.2.0.0)
      railties (>= 3.2, < 5.0)
    foreman (0.75.0)
      dotenv (~> 0.11.1)
      thor (~> 0.19.1)
    formatador (0.2.5)
    fssm (0.2.10)
    globalize (4.0.2)
      activemodel (>= 4.0.0, < 5)
      activerecord (>= 4.0.0, < 5)
    has_scope (0.6.0.rc)
      actionpack (>= 3.2, < 5)
      activesupport (>= 3.2, < 5)
    hike (1.2.3)
    i18n (0.6.11)
    inflecto (0.0.2)
    inherited_resources (1.5.0)
      has_scope (~> 0.6.0.rc)
      responders (~> 1.0)
    interception (0.5)
    ipaddress (0.8.0)
    jbuilder (2.1.3)
      activesupport (>= 3.0.0, < 5)
      multi_json (~> 1.2)
    jist (1.5.1)
      json
    jquery-rails (3.1.2)
      railties (>= 3.0, < 5.0)
      thor (>= 0.14, < 2.0)
    jquery-turbolinks (2.1.0)
      railties (>= 3.1.0)
      turbolinks
    jquery-ui-rails (5.0.0)
      railties (>= 3.2.16)
    json (1.8.1)
    mail (2.5.4)
      mime-types (~> 1.16)
      treetop (~> 1.4.8)
    memcachier (0.0.2)
    method_source (0.8.2)
    mime-types (1.25.1)
    mini_portile (0.6.0)
    minitest (5.4.1)
    minitest-spec-rails (5.1.0)
      minitest (~> 5.0)
      rails (~> 4.1)
    multi_json (1.10.1)
    net-scp (1.2.1)
      net-ssh (>= 2.6.5)
    net-ssh (2.9.1)
    nokogiri (1.6.3.1)
      mini_portile (= 0.6.0)
    orm_adapter (0.5.0)
    parser (2.2.0.pre.4)
      ast (>= 1.1, < 3.0)
      slop (~> 3.4, >= 3.4.5)
    pg (0.17.1)
    pg-hstore (1.2.0)
    polyglot (0.3.5)
    powerpack (0.0.9)
    pry (0.10.1)
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
    pry-debugger (0.2.3)
      debugger (~> 1.3)
      pry (>= 0.9.10, < 0.11.0)
    pry-doc (0.6.0)
      pry (~> 0.9)
      yard (~> 0.8)
    pry-docmore (0.1.1)
      pry
      pry-doc
    pry-plus (1.0.0)
      bond
      jist
      pry-debugger
      pry-doc
      pry-docmore
      pry-rescue
      pry-stack_explorer
    pry-rails (0.3.2)
      pry (>= 0.9.10)
    pry-remote (0.1.8)
      pry (~> 0.9)
      slop (~> 3.0)
    pry-rescue (1.4.1)
      interception (>= 0.5)
      pry
    pry-stack_explorer (0.4.9.1)
      binding_of_caller (>= 0.7)
      pry (>= 0.9.11)
    puma (2.9.1)
      rack (>= 1.1, < 2.0)
    quiet_assets (1.0.3)
      railties (>= 3.1, < 5.0)
    rack (1.5.2)
    rack-test (0.6.2)
      rack (>= 1.0)
    rails (4.1.5)
      actionmailer (= 4.1.5)
      actionpack (= 4.1.5)
      actionview (= 4.1.5)
      activemodel (= 4.1.5)
      activerecord (= 4.1.5)
      activesupport (= 4.1.5)
      bundler (>= 1.3.0, < 2.0)
      railties (= 4.1.5)
      sprockets-rails (~> 2.0)
    rails-observers (0.1.2)
      activemodel (~> 4.0)
    rails_12factor (0.0.2)
      rails_serve_static_assets
      rails_stdout_logging
    rails_serve_static_assets (0.0.2)
    rails_stdout_logging (0.0.3)
    railties (4.1.5)
      actionpack (= 4.1.5)
      activesupport (= 4.1.5)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rainbow (2.0.0)
    rake (10.3.2)
    request_store (1.0.8)
    responders (1.1.1)
      railties (>= 3.2, < 4.2)
    ruby-progressbar (1.5.1)
    safe_yaml (1.0.3)
    sass (3.2.19)
    sass-rails (4.0.3)
      railties (>= 4.0.0, < 5.0)
      sass (~> 3.2.0)
      sprockets (~> 2.8, <= 2.11.0)
      sprockets-rails (~> 2.0)
    simple_form (3.0.2)
      actionpack (~> 4.0)
      activemodel (~> 4.0)
    simple_mock (0.0.2)
    slim (2.0.3)
      temple (~> 0.6.6)
      tilt (>= 1.3.3, < 2.1)
    slim-rails (2.1.5)
      actionpack (>= 3.0, < 4.2)
      activesupport (>= 3.0, < 4.2)
      railties (>= 3.0, < 4.2)
      slim (~> 2.0)
    slop (3.6.0)
    spring (1.1.3)
    sprockets (2.11.0)
      hike (~> 1.2)
      multi_json (~> 1.0)
      rack (~> 1.0)
      tilt (~> 1.1, != 1.3.0)
    sprockets-rails (2.1.4)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      sprockets (~> 2.8)
    teaspoon (0.8.0)
      railties (>= 3.2.5, < 5)
    temple (0.6.8)
    thor (0.19.1)
    thread_safe (0.3.4)
    tilt (1.4.1)
    timecop (0.7.1)
    treetop (1.4.15)
      polyglot
      polyglot (>= 0.3.1)
    turbolinks (2.3.0)
      coffee-rails
    tzinfo (1.2.2)
      thread_safe (~> 0.1)
    uglifier (2.5.3)
      execjs (>= 0.3.0)
      json (>= 1.8.0)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.6)
    vcr (2.9.3)
    warden (1.2.3)
      rack (>= 1.0)
    webmock (1.18.0)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
    yard (0.8.7.4)

PLATFORMS
  ruby

DEPENDENCIES
  active_decorator
  activerecord-postgres-hstore
  activeresource
  airbrake
  asset_sync
  browser
  chronic
  coffee-rails
  compass-rails (= 1.1.0.pre)
  connection_pool
  dalli
  debugger
  devise
  draper
  factory_girl_rails
  figaro
  font-awesome-rails
  foreman
  globalize (~> 4.0.0.alpha.2)
  inherited_resources
  jbuilder
  jquery-rails
  jquery-turbolinks
  jquery-ui-rails
  memcachier
  minitest-spec-rails
  newrelic_rpm!
  pg
  pry-plus
  pry-rails
  pry-remote
  puma
  quiet_assets
  rack-timeout!
  rails
  rails_12factor
  rubocop!
  sass-rails
  simple_form
  simple_mock
  slim-rails
  spring
  teaspoon
  timecop
  turbolinks
  uglifier
  unf
  vcr
  webmock

Here are my environment settings:

development:

IatContract::Application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false

  # Do not eager load code on boot.
  config.eager_load = false

  # Show full error reports and disable caching.
  config.consider_all_requests_local       = true
  config.action_controller.perform_caching = false

  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false

  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log

  # Raise an error on page load if there are pending migrations
  config.active_record.migration_error = :page_load

  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true

  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
  config.assets.raise_runtime_errors = false

  config.action_mailer.default_url_options = { host: 'localhost:3000' }

  # MailTrap Debug
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.smtp_settings = {
    user_name: ENV['SMTP_USER_NAME'],
    password: ENV['SMTP_PASSWORD'],
    address: ENV['SMTP_ADDRESS'],
    port: ENV['SMTP_PORT'],
    authentication: :plain
  }

  config.assets.raise_production_errors = true

  # Memcached
  config.perform_caching = true
  config.action_controller.perform_caching = true
  config.cache_store = :dalli_store, 'localhost:11211'
end

Staging config:

IatContract::Application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # Code is not reloaded between requests.
  config.cache_classes = true

  # Eager load code on boot. This eager loads most of Rails and
  # your application in memory, allowing both thread web servers
  # and those relying on copy on write to perform better.
  # Rake tasks automatically ignore this option for performance.
  config.eager_load = true

  # Full error reports are disabled and caching is turned on.
  config.consider_all_requests_local       = false
  config.action_controller.perform_caching = true

  # Enable Rack::Cache to put a simple HTTP cache in front of your application
  # Add `rack-cache` to your Gemfile before enabling this.
  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
  # config.action_dispatch.rack_cache = true

  # Disable Rails's static asset server (Apache or nginx will already do this).
  config.serve_static_assets = false

  # Compress JavaScripts and CSS.
  config.assets.js_compressor = :uglifier
  # config.assets.css_compressor = :sass

  # Do not fallback to assets pipeline if a precompiled asset is missed.
  config.assets.compile = false

  # Generate digests for assets URLs.
  config.assets.digest = true

  # Version of your assets, change this if you want to expire all your assets.
  config.assets.version = '1.0'

  # Specifies the header that your server uses for sending files.
  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx

  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
  config.force_ssl = true

  # Set to :debug to see everything in the log.
  config.log_level = :debug

  # Prepend all log lines with the following tags.
  # config.log_tags = [ :subdomain, :uuid ]

  # Use a different logger for distributed setups.
  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)

  # Use a different cache store in production.
  config.cache_store = :dalli_store

  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
  # config.action_controller.asset_host = "http://assets.example.com"
  config.action_controller.asset_host = "//assets-#{ENV['FOG_DIRECTORY']}.diverseo.com"
  config.assets.prefix = '/assets'

  # Precompile additional assets.
  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
  # config.assets.precompile += %w( search.js )

  # Ignore bad email addresses and do not raise email delivery errors.
  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
  # config.action_mailer.raise_delivery_errors = false

  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
  # the I18n.default_locale when a translation can not be found).
  config.i18n.fallbacks = true

  # Send deprecation notices to registered listeners.
  config.active_support.deprecation = :notify

  # Disable automatic flushing of the log to improve performance.
  # config.autoflush_log = false

  # Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new

  config.action_mailer.default_url_options = { host: 'iat-core-staging.diverseo.com' }

  # Free secure smtp server
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.smtp_settings = {
    user_name: ENV['SMTP_USER_NAME'],
    password: ENV['SMTP_PASSWORD'],
    address: ENV['SMTP_ADDRESS'],
    port: ENV['SMTP_PORT'],
    authentication: :plain
  }
end

Obviously something special on Heroku makes it fail, but only for the Android tablet. Any idea what I can do to debug this?

Thank you for your help.

Regards.

josevalim commented 10 years ago

I would try to investigate if the tablet is sending the proper session / cookies. Maybe it is dropping stuff it is not supposed to.

powermike commented 10 years ago

I tried to put this in application controller:

  prepend_before_action :session_data
  prepend_after_action :session_data

  protected

  # For Android sessions
  def session_data
    # Double quotes so that \n is emitted as a newline rather than literally
    puts "\n\n\n\n"
    puts session.inspect
    puts "\n\n\n\n"
  end

This is the log I have for the second page: screen shot 2014-09-08 at 14 34 03

josevalim commented 10 years ago

It is just saying the session isn't loaded. Try to access something in it, like session["foo"] before inspecting it! Also, try printing your cookies too!

powermike commented 10 years ago

I used this for debug:

  prepend_before_action :session_data
  prepend_after_action :session_data

  protected

  # For Android sessions
  def session_data
    logger.info '##### Start Debug session'
    logger.info '# Session'
    logger.info '# Accessing session'
    logger.info "Contract ID from session: #{session[:contract_id]}"
    logger.info '# Cookies'
    logger.info cookies.inspect
    logger.info '##### End Debug session'
  end

First page log: screen shot 2014-09-08 at 15 03 57

Second page logs: screen shot 2014-09-08 at 15 04 44
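A variant of the debugging hook above, as an added example that is not part of the original thread or of Devise: a Rack middleware that records whether the client returned the session cookie and whether the app issued a new one, logging a short hash instead of the cookie value so session identifiers stay out of the logs. The class name `SessionCookieTrace` and the cookie name `_app_session` are assumptions; the request scheme and `Secure` flag are recorded because the staging config sets `force_ssl`.

```ruby
require 'digest'
require 'logger'

# Rack middleware (added example; names are hypothetical) that records what the
# client sent and what the app answered, without writing cookie values to logs.
class SessionCookieTrace
  def initialize(app, key: '_app_session', logger: Logger.new($stdout))
    @app = app
    @key = key # assumed session cookie name; use the app's real session key
    @logger = logger
  end

  def call(env)
    status, headers, body = @app.call(env)
    record = summarize(env, headers)
    @logger.info("session-trace #{record.map { |k, v| "#{k}=#{v}" }.join(' ')}")
    [status, headers, body]
  end

  # Describes the session cookie on the way in and on the way out.
  def summarize(env, headers)
    sent = parse_cookie_header(env['HTTP_COOKIE'])[@key]
    set = set_cookie_lines(headers).find { |l| l.start_with?("#{@key}=") }
    {
      # Behind a TLS-terminating router the original scheme is in X-Forwarded-Proto.
      scheme: env['HTTP_X_FORWARDED_PROTO'] || env['rack.url_scheme'],
      sent: fingerprint(sent),
      reissued: fingerprint(set && set[/\A[^=]+=([^;]*)/, 1]),
      secure_flag: set ? !!(set =~ /;\s*secure\b/i) : nil,
      user_agent: env['HTTP_USER_AGENT'].to_s[0, 60]
    }
  end

  private

  def parse_cookie_header(header)
    header.to_s.split(/;\s*/).each_with_object({}) do |pair, out|
      name, value = pair.split('=', 2)
      out[name] ||= value if name && value
    end
  end

  # Older Rack joins several Set-Cookie values with newlines; newer Rack uses an array.
  def set_cookie_lines(headers)
    raw = headers['Set-Cookie'] || headers['set-cookie']
    raw.is_a?(Array) ? raw : raw.to_s.split("\n")
  end

  # Short hash so two log lines can be compared without exposing the session id.
  def fingerprint(value)
    value.nil? || value.empty? ? 'none' : Digest::SHA256.hexdigest(value)[0, 12]
  end
end
```

Registered ahead of the cookie and session middleware (for example with `config.middleware.insert_before`), it sees the final `Set-Cookie` header; a `sent` value that differs from the previous response's `reissued` value means the client did not return the cookie it was given.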

josevalim commented 10 years ago

I have no idea what is happening. We can clearly see the session is being deleted through "cache delete" entries but I have no idea what is triggering that. What is Android sending that is making Rails or Devise think it should create a new session? Which session store are you using? Cookies or in memory? If you change the session store, does the bug persist?

powermike commented 10 years ago

I use dalli_store as session store.

I switched to cookie_store to test; here is the result:

On heroku: screen shot 2014-09-08 at 16 44 35

On my mac with the android tablet: screen shot 2014-09-08 at 16 45 57

As you can see, it works on my Mac but not on Heroku. F...K!

josevalim commented 10 years ago

Sorry, I still have no idea what is happening. :( Let us know if you find more info.

josevalim commented 9 years ago

Closing this as it has been 4 months. It definitely doesn't look like a Devise issue though, as we are just relying on Rails session setup.