In Rails, what could cause a user to have another user's session?

Posted by DavidNorth on Stack Overflow See other posts from Stack Overflow or by DavidNorth
Published on 2010-03-19T10:27:07Z Indexed on 2010/03/19 10:31 UTC
Read the original article Hit count: 183

Filed under:
|
|
|
|

I have a Rails application using with an authentication system using Restful Authentication without any modification.

Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before.

Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce.

Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6

Many thanks

© Stack Overflow or respective owner

Related posts about rails

Related posts about apache