authlogic UserSession.create(@user) giving unautho

Published 2019-09-06 13:05

Question:

I am trying to create a session explicitly like this: UserSession.create(@user, true), but the session is not getting created; current_user is nil.

But when I do this, I get #<UserSession: {:unauthorized_record=>""}>

us = UserSession.create(@user, true)
RAILS_DEFAULT_LOGGER.info(us.inspect) #=> UserSession: {:unauthorized_record=>""}

I had a look at Authlogic::Session::UnauthorizedRecord; here it says:

Be careful with this, because Authlogic is assuming that you have already confirmed that the user is who he says he is. For example, this is the method used to persist the session internally. Authlogic finds the user with the persistence token. At this point we know the user is who he says he is, so Authlogic just creates a session with the record. This is particularly useful for 3rd party authentication methods, such as OpenID. Let that method verify the identity, once it’s verified, pass the object and create a session.

which is exactly what I am trying to do (I am authenticating using OmniAuth and creating the session using Authlogic).

How do I fix this so that I can get a valid session in current_user?

Answer 1:

I'm not sure about the .create(object, bool) method signature, but the following works using Authlogic.

class Api::ApiBaseController < ApplicationController
  protected

  # Look the user up by the single access token passed in the request and
  # open an Authlogic session for that record without a password check.
  def verify_token
    return false if params[:token].blank?
    @session = UserSession.new(User.find_by_single_access_token(params[:token]))
    @session.save
  end
end

If that doesn't work for you, I think the @user isn't being set correctly.



Answer 2:

I had a similar issue caused by the persistence_token being nil on the user. Reset it before creating the UserSession. So:

@user.reset_persistence_token!
UserSession.create(@user, true)


Answer 3:

If you map the active_record_store to the Authlogic user_sessions table, your session information will be stored in the database, and you will be able to store larger sets of data.

Inside your config folder: config/initializers/session_store.rb

  • Comment out App::Application.config.session_store :cookie_store, :key => '_App_session'
  • Add or uncomment App::Application.config.session_store :active_record_store

Inside of config/application.rb

  • At the end of the class for your application add: ActiveRecord::SessionStore::Session.table_name = 'user_sessions'

Restart your app, and any information stored in the user session will be saved in the authlogic user_sessions table.

Go to http://apidock.com/rails/ActiveRecord/SessionStore for more information.



Answer 4:

For now you can replace

UserSession.create @user

with

UserSession.create :email => @user.email, :password => @user.password

Not a big deal.

But that caught me another way. I forgot that my user got active? == false when created. I set it to true and the session is created.
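
The two failure modes in Answer 2 (a nil persistence_token) and Answer 4 (an active? "magic state" returning false) are easier to see in a cut-down model of what a session save has to check. The following is an added example, not code from any answer and not Authlogic's own implementation: FakeUser, FakeUserSession, find_by_cookie and the in-memory user list are hypothetical stand-ins, and the lookup is simplified (Authlogic queries the database by token; here the record is found by id and the token compared in constant time). Only the naming conventions (persistence_token, reset_persistence_token!, active?) and the "token::id" cookie layout follow Authlogic.

```ruby
require "securerandom"

# Added example, not Authlogic's code: a minimal model of the checks that
# UserSession.create(record) / session.save run before a session persists.
FakeUser = Struct.new(:id, :email, :persistence_token, :active, keyword_init: true) do
  # Authlogic magic state: if the record responds to active? and it returns
  # false, the session is refused (the trap described in Answer 4).
  def active?
    active
  end

  # Stand-in for reset_persistence_token! (Answer 2): a fresh random token.
  def reset_persistence_token!
    self.persistence_token = SecureRandom.hex(64)
  end
end

class FakeUserSession
  attr_reader :record, :errors, :cookie_value

  def initialize(record)
    @record = record
    @errors = []
  end

  # Mirrors UserSession#save: true and a remember-me cookie value on success,
  # false with an explanation in #errors otherwise.
  def save
    @errors = []
    if record.nil?
      @errors << "unauthorized_record is blank"
    elsif record.persistence_token.to_s.empty?
      @errors << "persistence_token is blank"
    elsif record.respond_to?(:active?) && !record.active?
      @errors << "record is not active"
    end
    return false unless @errors.empty?
    # Authlogic's cookie holds the persistence token and the record id joined by "::".
    @cookie_value = "#{record.persistence_token}::#{record.id}"
    true
  end
end

# Constant-time comparison (same approach as Rack::Utils.secure_compare) so a
# presented token cannot be narrowed down byte by byte through timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.each_with_index { |byte, i| diff |= byte ^ b.getbyte(i) }
  diff.zero?
end

# Restoring a session from the cookie: find the record by id, then require the
# presented token to equal its stored persistence token. A record whose token is
# nil or empty can never be restored, which is why Answer 2's reset matters.
def find_by_cookie(cookie_value, users)
  token, id = cookie_value.to_s.split("::", 2)
  return nil if token.to_s.empty? || id.nil?
  user = users.find { |u| u.id.to_s == id }
  return nil if user.nil? || user.persistence_token.to_s.empty?
  secure_compare(token, user.persistence_token) ? user : nil
end
```

Run through the cases: a user created with persistence_token nil fails to save until reset_persistence_token! is called; a user with active false fails regardless of token; and a cookie carrying an empty or wrong token never resolves to a user.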



Answer 5:

I ran into this problem today. In my case it ended up being related to CSRF tokens.

We are creating a user and session in our app in response to an OAuth callback. It appears that if the CSRF token is invalid, which would be the case when coming from a third party, Authlogic won't create the user session.

Can't verify CSRF token authenticity

The fix was simple:

class Oauth::UserSessionsController < ApplicationController
  skip_before_action :verify_authenticity_token, only: :callback

  def new
    # code removed...
  end

  def callback
    # code removed...
    UserSession.create(@user)
    redirect_to root_path
  end
end
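
Skipping verify_authenticity_token on the callback, as Answer 5 does, removes Rails' CSRF protection from that action, so the OAuth 2.0 `state` parameter (RFC 6749, section 10.12) has to carry that job instead: an attacker must not be able to drive a victim's browser to the callback with a code of the attacker's choosing. The block below is an added example, not Answer 5's code and not OmniAuth's implementation (OmniAuth's OAuth2 strategies perform an equivalent check themselves); OauthStateGuard, the provider URL and the plain hashes standing in for `session` and `params` are hypothetical.

```ruby
require "securerandom"
require "uri"

# Added example, not OmniAuth's code: the OAuth 2.0 `state` round trip that
# replaces Rails CSRF protection on a callback action where it has been skipped.
module OauthStateGuard
  SESSION_KEY = "oauth_state"
  AUTHORIZE_URL = "https://provider.example/oauth/authorize" # placeholder provider

  # Step 1 (the `new` action): mint an unguessable state, remember it in this
  # browser's session and send the browser to the provider carrying it.
  def self.authorize_url(session, client_id:, redirect_uri:)
    state = SecureRandom.urlsafe_base64(32)
    session[SESSION_KEY] = state
    query = URI.encode_www_form(
      response_type: "code", client_id: client_id,
      redirect_uri: redirect_uri, state: state
    )
    "#{AUTHORIZE_URL}?#{query}"
  end

  # Step 2 (the `callback` action, before UserSession.create): the state echoed
  # by the provider must equal the one stored for this session. The stored value
  # is consumed whether or not it matches, so a callback can be replayed at most
  # once, and a session that never started the flow rejects every callback.
  def self.verify_state(session, params)
    expected = session.delete(SESSION_KEY)
    given = params["state"]
    return false if expected.nil? || given.nil?
    constant_time_equal?(expected, given)
  end

  # Compare without short-circuiting on the first differing byte.
  def self.constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Helper for exercising the flow: pull the state back out of the authorize URL,
# as the provider would before echoing it to the callback.
def state_from(url)
  URI.decode_www_form(URI(url).query).to_h["state"]
end
```

In the controller from Answer 5 the check sits at the top of `callback`, before the user is looked up or created: a mismatch should end the request (for example with a 403) rather than fall through to UserSession.create.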