Devise has a :trackable _strategy which updates the user’s last sign-in time, remote IP and increments a counter in the _User model upon successful logon. This is implemented in Devise::Models::Trackable.update_tracked_fields! and invoked as a Warden callback in devise/hooks/trackable.rb.
Warden will invoke the callback every time warden.set_user is called, which is done once per logon with :event => :authenticate in the options. But when used with the :rememberable strategy, a returning user is not logging on – he continues a previous session. The callback is invoked with an :event => :fetch in the options, which is explicitly excluded in the code above.
Of course, we might not see things in the same eye. A user returning 24 hours later might as well be logging in again. Let’s add a callback that will update tracked fields in this case (to config/initializers/devise_trackable.rb).
Is there a better way to do this? Maybe something worth contributing in one way or another to Devise?