When you confirm your identity by clicking the confirmation link the email, the gem stores that request's HTTP_ACCEPT in the session record.
This is an example of the header: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7"
A normal web request may have the header: "text/vnd.turbo-stream.html, text/html, application/xhtml+xml"
Because the stored header doesn't match the web requests for the same user, the user can never sign in without confirmation. 🔁
When you confirm your identity by clicking the confirmation link the email, the gem stores that request's HTTP_ACCEPT in the session record.
This is an example of the header: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7"
A normal web request may have the header: "text/vnd.turbo-stream.html, text/html, application/xhtml+xml"
Because the stored header doesn't match the web requests for the same user, the user can never sign in without confirmation. 🔁