I had a jquery mobile app living inside a rails app. I would login and move around the site a few times and suddenly I would be logged out. I was massively confused for a solid hour.
What was happening
I went digging around in Warden which Devise uses to handle sessions, then I remembered seeing this in my server logs:
WARNING: Can't verify CSRF token authenticity
I did a little research and realized that my app was making multiple ajax requests while I was moving around. When rails can’t verify the CSRF token the first thing it does is kill all sessions, including Devise user sessions.
How I fixed it
In short, add this to your js somewhere in the header:
1 2 3 4
That will attach the correct csrf token along with your ajax requests. You should now no longer see the CSRF warning in your server logs.