Devise sessions and load-balanced/multiple servers

Hi

Hoping someone has had experience with this or can tell me where to
start investigating.

I’ve got a Rails app with Devise authentication running on a server
cluster behind a load balancer, so requests to the website will
alternately hit one server, or the other. My problem occurs when I try
to register a new user. Everything goes fine, I get the confirmation
email, I click the link, it hits the confirmation page and then goes
directly to the sign in page, instead of proceeding to the
user_root_path. The account IS marked as confirmed in the database
though. I thought perhaps the default CookieStore for sessions was
causing problems, so I tried the ActiveRecord store, with the same
results.

When I try the exact same app/code on my local machine, or on the
cluster with only one of the servers active, it works perfectly.

Anyone have any ideas on this, or where to start looking for the
problem? When I check, the session is created in the DB, and I have a
matching session cookie in the browser, but somehow the confirmation
process just doesn’t seem to log me in.

Thanks for help in advance.

Does your proxy send thru the cookie? Some proxy balancers have issues
with not sending the cookie through, so obviously the correct session
can’t be set. You can verify that this is the case by logging the
session and tailing the logs as the app is used.

Sent from my iPad
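Added example, not part of the original thread: one way to do the session logging suggested above, so that each log line shows which backend handled the request, whether the session cookie arrived, and whether Warden (which Devise uses) had a signed-in user before and after the request. The class name `SessionTrace`, the log format and the cookie name passed in are assumptions; the cookie is logged only as a truncated hash, so the log never holds a usable session value.

```ruby
require "socket"
require "logger"
require "digest"

# Hypothetical Rack middleware (name and log format are assumptions).
# Mount it outside Warden::Manager and inside the session middleware, so that
# env["rack.session"] is populated and the final redirect status is visible.
class SessionTrace
  WARDEN_KEY = "warden.user.user.key" # Warden's session key for the :user scope

  def initialize(app, cookie_name:, logger: Logger.new($stdout), host: Socket.gethostname)
    @app = app
    @cookie_name = cookie_name
    @logger = logger
    @host = host
  end

  def call(env)
    before = snapshot(env)
    status, headers, body = @app.call(env)
    after = snapshot(env)
    @logger.info(format_line(env, status, before, after))
    [status, headers, body]
  end

  # Summarise session state without writing the cookie value to the log.
  def snapshot(env)
    raw = cookie_value(env)
    session = env["rack.session"] || {}
    {
      cookie: raw ? Digest::SHA256.hexdigest(raw)[0, 8] : "none",
      signed_in: !session[WARDEN_KEY].nil?
    }
  end

  # Pull the named cookie out of the raw Cookie request header.
  def cookie_value(env)
    env["HTTP_COOKIE"].to_s.split(/;\s*/).each do |pair|
      name, value = pair.split("=", 2)
      return value if name == @cookie_name
    end
    nil
  end

  def format_line(env, status, before, after)
    "host=#{@host} #{env['REQUEST_METHOD']} #{env['PATH_INFO']} status=#{status} " \
      "cookie=#{before[:cookie]} signed_in=#{before[:signed_in]}->#{after[:signed_in]}"
  end
end
```

Tailing the log on both servers during one sign-up shows whether the confirmation request and the redirect that follows it carry the same `cookie=` hash, and on which `host=` the `signed_in` state is lost.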

Cookie is definitely being sent through and received. Far as I can
see, Devise performs the confirmation and redirects to the correct
place, but for some reason, then flags request as unauthorised and
shunts it to the login screen again. I’m just not sure why this would
be different on a cluster as opposed to a single server, and I’ve run
out of places to look/debug.

This is a bit too hard to debug over email. I could help more directly,
but it sounds like it’s probably some kind of issue with your
authorisation code. Could you paste appropriate bits?

Sent from my iPad

As I said I’m using Devise for authentication, with a stock-standard
installation and no overrides of any of the methods.