Rails session ID changing between requests

Looking for insight on a strange problem that I cannot reproduce, but some of my users are experiencing. Every request sent to the browser is assigned a different session id, consequently they cannot log in. The problem seem to only appear for certain Firefox users. They do have their cookies turned on.

What session store are you using?

I wish I could provide a more helpful answer but the reality is I am not exactly sure... I do know that session are stored in /tmp/sessions

I just realized that this problem started occurring when I moved from a single process to a mongrel_cluster balanced by pound.

Hi Jamie,

I wish I could provide a more helpful answer but the reality is I am not exactly sure... I do know that session are stored in /tmp/sessions

I just realized that this problem started occurring when I moved from a single process to a mongrel_cluster balanced by pound.

File-based session stores don't work well with application clusters.

If on Rails 2.0 or earlier, use the ActiveRecord session store. You can enable it in environment.rb and create the required database table using rake db:session:create and a subsequent db:migrate.

If on Rails 2.1, use the cookie-based session store. This is the default unless you have specified otherwise in environment.rb.

Also made sure your users know that the must accept cookies from your site. If you do happen to be using the Rails 2.1 default cookie session store, and your clients have cookies disabled, I'm not sure what affect that would have on Rails, but it may very well create a new session for every request.

Since you mentioned that only some of your users are experiencing this problem then maybe that's what's happening.

P.S. Even if you are using ActiveRecord session store, I believe that your users must still accept your cookies otherwise Rails would not have access to their session id in order for to keep track them.

Thanks for the suggestions... one final related curiosity.. if the session ID keeps changing for each request, will it make a difference whether the session store is file based, cookie based or active record based. Does not the session ID identify the session?