Session id changing for each request

I posted this a little while back, but was unable to resolve the
problem, so keeping my fingers crossed that other have some insight…

Some percentage of users are unable to login as it appears the rails
session ID changes at each request. Note: these users do have cookies
turned on - though it behaves as if they do not. I tried moving the
session store from file based to active record based, but I am not
convinced this fixes the problem as this does not prevent the ID from
changing. One thing I did find was that when I changed the env from
pound balancing behind three processes to a single mongrel process in
the front, the problem disappears.

one note: I am running RAILS 1.2.3

jamie wrote:

one note: I am running RAILS 1.2.3

Hi Jamie,

I experienced this problem before and it was because a cookie was not
getting created. In my case, it was only on Safari and it turned out to
be because I had an underscore in the hostname part of the URL. For

An underscore in the host is not per RFC, so Safari was doing the right
thing by not creating the cookie (but unfortunately it shouldn’t have
displayed the website either, which apparently was a bug). Firefox
created the cookie just fine.

If your hostname doesn’t have an underscore, the idea might still lead
you to the problem. It’s most likely that the cookie is not getting
created for some reason.


Unfortunately I do not have an underscore in the host name…also I
wonder what would explain why only a percentage of users are
experiencing this problem

On Aug 19, 8:46 am, Phillip K. [email protected]

I had a similar problem and it had to do with the links the user’s
where clicking on and how these links were coded. When the problem
occurred I had links that where using pure HTML code, like link here. When the user’s clicked on these
particular links, the Session ID changed and it made them log in

Once I changed the links to <%= link_to “link here” %> ruby calls, the
Session ID stayed the same and was carried over properly, without
prompting the user to log in again.

Might not be your particular problem, but maybe something to get your
mind thinking …


Thanks LAB…but I don’t think this is my problem as it does not
explain why it occurs for a subset of users…

one thing I did uncover using pound for load balancing was errors in
my pound log - for each request that did not receive that did not get
the session id returned the following entry appeared -
line too long: Cookie:xxxxxx