devise_token_auth

Access-token was not set in header for some new session.

Open onemo38 opened this issue 2 years ago • 4 comments

Hi, I'm using devise_token_auth with devise in Rails 6.1.7. Recently, I'm facing confusion about the response header... Some sign_in requests (which means sessions_controller#create) respond with the correct headers (including access-token, expiry, client, and uuid). But other requests do not include these headers (but the response is 200 OK and the JSON body is the same as the correct ones).

When I clear my tokens column for users, the response includes access-token, expiry, client, and uuid, but these disappear when I send a sign_in request after several hours.

What is happening?

Is there anyone who has faced this problem? Or does anyone have any solution or information about this issue?

Thanks.

  • Version: 1.2.1 (with devise version 4.8.1) (Rails:6.1.7 / Ruby: 3.1.3p185)

  • Request and response headers:

  • Request: N/A

  • Response: https://gyazo.com/7d9fdeb1005b5ca237467ea66a23d3c7

  • Rails Stacktrace: this can be found in the log/development.log of your API.

      Started POST "/api/v1/auth/sign_in" for 172.20.0.1 at 2023-01-31 02:57:59 +0000
      Cannot render console from 172.20.0.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
      Processing by Api::V1::Auth::SessionsController#create as */*
        Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]"}
        User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 AND "users"."provider" = $2 LIMIT $3 [["email", "[email protected]"], ["provider", "email"], ["LIMIT", 1]]
        TRANSACTION (0.5ms) BEGIN
        User Load (10779.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 FOR UPDATE [["id", 311], ["LIMIT", 1]]
        UserGroup Load (0.4ms) SELECT "user_groups".* FROM "user_groups" WHERE "user_groups"."id" = $1 LIMIT $2 [["id", 9], ["LIMIT", 1]]
        TRANSACTION (1.0ms) COMMIT
        TRANSACTION (0.2ms) BEGIN
        User Update (0.3ms) UPDATE "users" SET "sign_in_count" = $1, "current_sign_in_at" = $2, "last_sign_in_at" = $3, "updated_at" = $4 WHERE "users"."id" = $5 [["sign_in_count", 306], ["current_sign_in_at", "2023-01-31 02:58:10.377358"], ["last_sign_in_at", "2023-01-31 02:57:16.620735"], ["updated_at", "2023-01-31 02:58:10.377704"], ["id", 311]]
        TRANSACTION (0.4ms) COMMIT
        User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 311], ["LIMIT", 1]]
      Completed 200 OK in 11135ms (Views: 0.1ms | ActiveRecord: 10782.9ms | Allocations: 11495)

  • Environmental Info: How is your application different from the reference implementation? This may include (but is not limited to) the following details:

    • Routes: are you using some crazy namespace, scope, or constraint? -> no
    • Gems: are you using MongoDB, Grape, RailsApi, ActiveAdmin, etc.? -> no
    • Custom Overrides: what have you done in terms of custom controller overrides? -> no
    • Custom Frontend: are you using ng-token-auth, jToker, Angular2-Token, or something else? -> no

onemo38 avatar Jan 31 '23 03:01 onemo38

Is there anyone who knows about this issue?

onemo38 avatar Feb 01 '23 23:02 onemo38

+1

aprotsyk avatar Feb 06 '23 21:02 aprotsyk

Guys, if you had some error similar to this one, please consider your overridden classes & modules. These types of problems may be because of inconsistency between your overridden logic and the changes in the lib itself.

baranyeni avatar Mar 25 '23 00:03 baranyeni

Maybe this will help certain people.

Happened to us recently and we found out it's because of the replica lag. It was VERY random. I had to whip out a bash script that would do 1000 requests and it would happen on different iterations.

This is the specific code causing the problem (not the code's fault): https://github.com/lynndylanhurley/devise_token_auth/blob/5b1a5e19450f3755ce5ebe2f631b40c876ffc22d/app/controllers/devise_token_auth/concerns/set_user_by_token.rb#L106

As you can see, the code calls .reload. If your replica is not fast enough, you may not receive the correct response.

amree avatar Mar 25 '23 02:03 amree
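
The failure mode described in the comment above, as an added Ruby model that is not part of the thread and is not devise_token_auth code: a sign-in writes the new token to the primary, re-reads the row, and leaves out the auth headers when the re-read row does not contain the client yet. `Cluster`, `sign_in` and `missing_headers` are hypothetical names, and the replication stall on every 37th request is constructed.

```ruby
# Constructed model of the replica-lag race; not devise_token_auth code.
# Cluster, sign_in and missing_headers are hypothetical names.
class Cluster
  def initialize
    @primary = {}
    @replica = {}
  end

  # Writes reach the primary at once; the replica sees them only after catch_up!.
  def write(id, tokens)
    @primary[id] = copy(tokens)
  end

  def catch_up!
    @replica = copy(@primary)
  end

  # role mirrors Rails' :writing (primary) and :reading (replica) roles.
  def read(id, role:)
    copy((role == :writing ? @primary : @replica).fetch(id, {}))
  end

  private

  def copy(obj)
    Marshal.load(Marshal.dump(obj))
  end
end

# Stores a new client token, re-reads the row (the ".reload" step), and returns
# the auth headers, or {} when the re-read row does not contain the client yet.
def sign_in(cluster, user_id, client, token, reload_role:, lagging:)
  tokens = cluster.read(user_id, role: :writing)
  tokens[client] = { "token" => token, "expiry" => 1_675_134_000 }
  cluster.write(user_id, tokens)
  cluster.catch_up! unless lagging
  reloaded = cluster.read(user_id, role: reload_role)
  return {} if reloaded[client].nil?

  { "access-token" => token, "client" => client,
    "expiry" => reloaded[client]["expiry"].to_s }
end

# Replays sign-ins with replication stalled on every lag_every-th request and
# counts the responses that came back without auth headers.
def missing_headers(requests:, lag_every:, reload_role:)
  cluster = Cluster.new
  (1..requests).count do |i|
    sign_in(cluster, 311, "client-#{i}", "tok-#{i}",
            reload_role: reload_role, lagging: (i % lag_every).zero?).empty?
  end
end
```

With `reload_role: :reading` the stalled requests return no headers although the write succeeded; with `reload_role: :writing` none do. In a Rails app with read replicas that corresponds to doing the re-read under `ActiveRecord::Base.connected_to(role: :writing)`, which is an assumption about the application's database setup and not something stated in the thread.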