Devise sessions and load-balanced/multiple servers

rubyonrails-talk
1

Hi

Hoping someone has had experience with this or can tell me where to start investigating.

I've got a Rails app with Devise authentication running on a server cluster behind a load balancer, so requests to the website will alternately hit one server, or the other. My problem occurs when I try to register a new user. Everything goes fine, I get the confirmation email, I click the link, it hits the confirmation page and then goes directly to the sign in page, instead of proceeding to the user_root_path. The account IS marked as confirmed in the database though. I thought perhaps the default CookieStore for sessions was causing problems, so I tried the ActiveRecord store, with the same results.

When I try the exact same app/code on my local machine, or on the cluster with only one of the servers active, it works perfectly.

Anyone have any ideas on this, or where to start looking for the problem? When I check, the session is created in the DB, and I have a matching session cookie in the browser, but somehow the confirmation process just doesn't seem to log me in.

Thanks for help in advance.

2

Does your proxy send thru the cookie? Some proxy balancers have issues with not sending the cookie through, so obviously the correct session can't be set. You can verify that this is the case by logging the session and tailing the logs as the app is used.

3

Cookie is definitely being sent through and received. Far as I can see, Devise performs the confirmation and redirects to the correct place, but for some reason, then flags request as unauthorised and shunts it to the login screen again. I'm just not sure why this would be different on a cluster as opposed to a single server, and I've run out of places to look/debug.

4

This is a bit too hard to debug over email. I could help more directly, but it sounds like it's probably some kind of issue with your authorisation code. Could you paste aoropriate bits?

5

As I said I'm using Devise for authentication, with a stock-standard installation and no overrides of any of the methods.