Remember token is now properly stored and specified one for each user.

lib/devise/hooks/confirmable.rb

@@ -2,10 +2,10 @@
 # This is done by checking the time frame the user is able to sign in without
 # confirming it's account. If the user has not confirmed it's account during
 # this time frame, he/she will not able to sign in anymore.
-Warden::Manager.after_set_user do |record, auth, options|
+Warden::Manager.after_set_user do |record, warden, options|
   if record && record.respond_to?(:active?) && !record.active?
     scope = options[:scope]
-    auth.logout(scope)
+    warden.logout(scope)
     throw :warden, :scope => scope, :params => { :unconfirmed => true }
   end
 end

lib/devise/hooks/rememberable.rb

@@ -3,15 +3,17 @@
 # that specific user and adds a cookie with this user info to sign in this user
 # automatically without asking for credentials. Refer to rememberable strategy
 # for more info.
-Warden::Manager.after_authentication do |record, auth, options|
+Warden::Manager.after_authentication do |record, warden, options|
   scope = options[:scope]
-  remember_me = auth.params[scope].try(:fetch, :remember_me, nil)
+  remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
 
   if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
     record.remember_me!
-    auth.cookies['remember_token'] = {
+
+    warden.response.set_cookie "remember_#{scope}_token", {
       :value => record.class.serialize_into_cookie(record),
-      :expires => record.remember_expires_at
+      :expires => record.remember_expires_at,
+      :path => "/"
     }
   end
 end
@@ -19,9 +21,9 @@ end
 # Before logout hook to forget the user in the given scope, only if rememberable
 # is activated for this scope. Also clear remember token to ensure the user
 # won't be remembered again.
-Warden::Manager.before_logout do |record, auth, scope|
+Warden::Manager.before_logout do |record, warden, scope|
   if record.respond_to?(:forget_me!)
     record.forget_me!
-    auth.cookies.delete('remember_token')
+    warden.response.delete_cookie "remember_#{scope}_token"
   end
 end

lib/devise/rails/warden_compat.rb

@@ -1,6 +1,5 @@
 # Taken from RailsWarden, thanks to Hassox. http://github.com/hassox/rails_warden
 module Warden::Mixins::Common
-  # Gets the rails request object by default if it's available
   def request
     return @request if @request
     if env['action_controller.rescue.request']
@@ -19,8 +18,12 @@ module Warden::Mixins::Common
     raw_session.clear
   end
 
-  # Proxy to request cookies
+  def response
-  def cookies
+    return @response if @response
-    request.cookies
+    if env['action_controller.rescue.response']
+      @response = env['action_controller.rescue.response']
+    else
+      Rack::Response.new(env)
+    end
   end
 end

lib/devise/strategies/rememberable.rb

@@ -26,7 +26,7 @@ module Devise
 
         # Accessor for remember cookie
         def remember_me_cookie
-          cookies['remember_token']
+          request.cookies["remember_#{mapping.name}_token"]
         end
     end
   end

test/integration/rememberable_test.rb

@@ -6,7 +6,7 @@ class RememberMeTest < ActionController::IntegrationTest
     Devise.remember_for = 1
     user = create_user
     user.remember_me!
-    cookies['remember_token'] = User.serialize_into_cookie(user) + add_to_token
+    cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
     user
   end