Devise "Remember Me" option doesn't work for me

I don’t know whether this is the correct place to post it, but I am extremely exhausted from trying to fix this issue. Here is the link to the StackOverflow question as well if in case you want to answer it there.

If I don’t use remember_me option, it works perfectly fine. The app flows as expected.

However, if I check remember_me, it will login in as expected, redirect me to a protected page, which will then redirect me back to the sign_in page (Since I use before_action :authenticate_user!. One other thing that user_signed_in? will retrun false as well).

Here is the request cycle. enter image description here

Here is the logs dump

Started POST "/users/sign_in" for at 2023-06-08 22:33:44 +0500
Processing by Users::SessionsController#create as TURBO_STREAM
  Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"email"=>"", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in"}
  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["email", ""], ["LIMIT", 1]]
Redirected to
Completed 303 See Other in 253ms (ActiveRecord: 0.4ms | Allocations: 2776)

Started GET "/projects" for at 2023-06-08 22:33:44 +0500
Processing by ProjectsController#index as TURBO_STREAM
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 356)

Started GET "/users/sign_in" for at 2023-06-08 22:33:44 +0500
Processing by Users::SessionsController#new as TURBO_STREAM
  Rendering layout layouts/application.html.erb
  Rendering devise/sessions/new.html.erb within layouts/application
  Rendered devise/shared/_links.html.erb (Duration: 0.6ms | Allocations: 230)
  Rendered devise/sessions/new.html.erb within layouts/application (Duration: 2.5ms | Allocations: 1060)
  Rendered shared/_navbar.html.erb (Duration: 0.1ms | Allocations: 47)
  Rendered layouts/_flash.html.erb (Duration: 0.1ms | Allocations: 20)
  Rendered layout layouts/application.html.erb (Duration: 6.7ms | Allocations: 3860)
Completed 200 OK in 9ms (Views: 7.4ms | ActiveRecord: 0.0ms | Allocations: 4622)

As for my `Gemfile

source ''
git_source(:github) { |repo| "{repo}.git" }

ruby '3.2.1'

# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
gem 'rails', github: 'rails/rails', branch: 'main'

# The original asset pipeline for Rails []
gem 'sprockets-rails'

# Use pg as the database for Active Record
gem 'pg', '~> 1.1'

# Use the Puma web server []
gem 'puma', '~> 5.0'

# Use JavaScript with ESM import maps []
gem 'importmap-rails'

# Hotwire's SPA-like page accelerator []
gem 'turbo-rails'

# Hotwire's modest JavaScript framework []
gem 'stimulus-rails'

# Build JSON APIs with ease []
gem 'jbuilder'

# Use Redis adapter to run Action Cable in production
gem 'redis', '~> 4.0'

# Use Kredis to get higher-level data types in Redis []
# gem "kredis"

# Use Active Model has_secure_password []
# gem "bcrypt", "~> 3.1.7"

# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: %i[ mingw mswin x64_mingw jruby ]

# Reduces boot times through caching; required in config/boot.rb
gem 'bootsnap', require: false

# Use Sass to process CSS
# gem "sassc-rails"

# Use Active Storage variants []
# gem "image_processing", "~> 1.2"

group :development, :test do
  # See
  gem 'debug', platforms: %i[ mri mingw x64_mingw ]
  gem 'rubocop'

group :development do
  # Use console on exceptions pages []
  gem 'web-console'

  # Annotate database models
  gem 'annotate'
  gem 'rails-erd'

  # Add speed badges []
  # gem "rack-mini-profiler"

  # Speed up commands on slow machines / big apps []
  # gem "spring"

group :test do
  # Use system testing []
  gem 'capybara'
  gem 'selenium-webdriver'
  gem 'webdrivers'

# Custom Gems
gem 'acts_as_list', '~> 1.1'
gem 'acts_as_recursive_tree', '~> 3.3'
gem 'cssbundling-rails', '~> 1.1', '>= 1.1.2'
gem 'date_validator', '~> 0.12.0'
gem 'devise', '~> 4.9', '>= 4.9.2'
gem 'name_of_person', '~> 1.1'
gem 'pay', '~> 6.3'
gem 'requestjs-rails'
gem 'responders', '~> 3.1'
gem 'stripe', '~> 8.5'

I am just so confused, could be due to timezone issues? Or possibly some other misconfiguration?

UPDATE: Here is my devise config (removed all the comments)

Devise.setup do |config|
  config.mailer_sender = ''

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [:email]

  config.strip_whitespace_keys = [:email]

  config.skip_session_storage = [:http_auth]

  config.stretches = Rails.env.test? ? 1 : 12

  config.reconfirmable = true

  config.remember_for = 2.weeks

  config.expire_all_remember_me_on_sign_out = true

  config.password_length = 6..128

  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/

  config.reset_password_within = 6.hours

  config.sign_out_via = :get

  config.navigational_formats = ['*/*', :html, :turbo_stream]

  config.responder.error_status = :unprocessable_entity
  config.responder.redirect_status = :see_other

The sessions_controller is just empty. I didn’t override anything.

class Users::SessionsController < Devise::SessionsController
  # before_action :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
  # def new
  #   super
  # end

  # POST /resource/sign_in
  # def create
  #   super
  # end

  # DELETE /resource/sign_out
  # def destroy
  #   super
  # end

  # protected

  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_in_params
  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
  # end

The only changes I made were to registrations_controller.

# frozen_string_literal: true

class Users::RegistrationsController < Devise::RegistrationsController
  # before_action :configure_sign_up_params, only: [:create]
  before_action :configure_account_update_params, only: [:update]

  # GET /resource/sign_up
  # def new
  #   super
  # end

  # POST /resource
  # def create
  #   super
  # end

  # GET /resource/edit
  # def edit
  #   super
  # end

  # PUT /resource
  # def update
  #   super
  # end

  # DELETE /resource
  # def destroy
  #   super
  # end

  # GET /resource/cancel
  # Forces the session data which is usually expired after sign
  # in to be expired now. This is useful if the user wants to
  # cancel oauth signing in/up in the middle of the process,
  # removing all OAuth session data.
  # def cancel
  #   super
  # end


  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_up_params
  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
  # end

  # If you have extra params to permit, append them to the sanitizer.
  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:name])

  def after_update_path_for(resource)

  # The path used after sign up for inactive accounts.
  # def after_inactive_sign_up_path_for(resource)
  #   super(resource)
  # end

Found it. The problem is with 7.1.0-alpha version of Ruby on Rails. It works fine with 7.0.5.

Is there any way to resolve it or do I have to wait for the public release of 7.1.0?

My suggestion would be to open this as an issue on Devise. It’s possible they won’t accept it because Rails 7.1 is unreleased, but that’s their choice.

Ideally there would be a test for this in Devise, and they are running tests against Rails Trunk. But, again, that’s their choice for how they manage dependencies.