cancan/cantango losing user/user_session and/or roles after first request

Vanilla authlogic/cantango setup, testing with a hard-coded roles_list during test that returns [:user]. Test permissions.yml file:

roles:
  user:
    can:
      manage:
      - User

On the first request, user_can?(:manage, User) does what I expect. On subsequent requests, however, it's no longer true, and my permission goes away.

The current_user and current_user_session vars change on each request; not sure if that's because I'm in dev environment and something's being reloaded, but it sketches me out a little bit. Duh :/

Implementation in ApplicationController fol开发者_运维技巧lows default authlogic examples.

If I load up the console:

pry(main)> u = User.first
=> #<User id: 2, email: "ohai@wtf.com", [...]
pry(main)> a = CanTango::Ability.new u
=> [lots of stuff, available on request]
pry(main)> a.can?(:manage, User.new)
=> true
pry(main)> a.can?(:manage, User.new)
=> true

I attempted to turn cantango's caching off (just in case) in cantango.rb per cantango's docs [...]>

Any hints/tips/pointers/source/docs?

If I change the permissions.yml file to the following (these are roles, not users, in theory, but w/o the guest role, which I never reference anywhere in my code, it doesn't work) things mostly work.

roles:
  user:
    can:
      manage:
      - User
  guest:
    cannot:
      manage:
      - User

I still have to leave caching off so far.

I'm abandoning cantango for now; while I have significant role-based permissions needs, the amount of trouble this caused isn't worth it, and so far it seems like a more targeted solution using some of the same meta-techniques will be cleaner and easier.