Devise + Cancan cause a redirect loop in production but not development

I've had Devise running in my rails4 app for a long time. Now I needed to add different roles which decided to use Cancan for this.

Everything worked very well in development, but when I deployed the code for production, all I got was an endless redirection loop. If I delete the cookies, I can get the login page, but in the end in the same loop.

My root redirects to the controller indexing action.

I have basically only one controller with any business logic and my root is redirecting to the index action in that controller.

Linked lines from the controller.

load_and_authorize_resource
skip_authorization_check :only => [:index]

      

        
        
        
      

    

But I also tried this:

before_action :authenticate_user!

      

        
        
        
      

    

And besides, the previous one is attached to both of them (separately)

:except => [:index]
:unless => :devise_controller?

      

        
        
        
      

    

In ApplicationController I have everything together and separately

check_authorization :unless => :devise_controller?
before_filter :authenticate_user!,  :unless => :devise_controller?

      

        
        
        
      

    

And I tried both of them with and without it, if not to argue.

I tried following the relevant wiki in the letter but couldn't seem to get this to work in production. If it matters, I am using Nginx / Passenger combo in production.

At the time of writing this, I realized that I am using Cancan 1.6, I have not tried Cancancan yet. Give it the next step.

All help is supported.

UPDATE . I tried this with Cancancan 1.9.2 (instead of Cancan 1.6) with similar results. I have disabled it for now until I find a solution or alternative permission stone.