Rails session ID changing between requests

Looking for insight on a strange problem that I cannot reproduce, but
some of my users are experiencing. Every request sent to the browser
is assigned a different session id, consequently they cannot log in.
The problem seem to only appear for certain Firefox users. They do
have their cookies turned on.

What session store are you using?

I wish I could provide a more helpful answer but the reality is I am
not exactly sure... I do know that session are stored in /tmp/sessions

I just realized that this problem started occurring when I moved from
a single process to a mongrel_cluster balanced by pound.

Hi Jamie,

I wish I could provide a more helpful answer but the reality is I am
not exactly sure... I do know that session are stored in /tmp/sessions

I just realized that this problem started occurring when I moved from
a single process to a mongrel_cluster balanced by pound.

File-based session stores don't work well with application clusters.

If on Rails 2.0 or earlier, use the ActiveRecord session store. You can
enable it in environment.rb and create the required database table using
rake db:session:create and a subsequent db:migrate.

If on Rails 2.1, use the cookie-based session store. This is the default
unless you have specified otherwise in environment.rb.

Also made sure your users know that the must accept cookies from your
site. If you do happen to be using the Rails 2.1 default cookie
session store, and your clients have cookies disabled, I'm not sure
what affect that would have on Rails, but it may very well create a
new session for every request.

Since you mentioned that only some of your users are experiencing this
problem then maybe that's what's happening.

P.S. Even if you are using ActiveRecord session store, I believe that
your users must still accept your cookies otherwise Rails would not
have access to their session id in order for to keep track them.

Thanks for the suggestions... one final related curiosity.. if the
session ID keeps changing for each request, will it make a difference
whether the session store is file based, cookie based or active record
based. Does not the session ID identify the session?