After deploying a fresh copy of my rails3 / devise app using :database_authenticatable, I noticed that /users/sign_in would always return an HTTP Basic Auth challenge for the "Application" realm. Although, this would not happen in development mode running under WEBrick on Ruby 1.8.7. The production server is running nginx/thin on Ruby 1.9.1.