ruby-on-rails heroku devise memcached dalli

Increasing from 1 Dyno to 2 creates authenticity_token error


I am new to Rails and Heroku and have created a basic app. I have been playing around in Heroku for the last couple of weeks using just 1 dyno. Now I have increased to two and am getting CSRF errors because the authenticity token is being reset once the second dyno gets involved. At least this is what I think. But I am still learning.

I have heard a lot in podcasts etc. about Resque, Sidekiq, memcached and dalli. Is this something I need to go and learn so I can figure out how to persist this user's session when there are multiple dynos?

This is a follow-on from an earlier question but I am not sure if they are related or not. Also, I am running with Phusion Passenger.

2014-05-17T08:46:59.603754+00:00 app[web.2]: App 120 stdout: Started POST "/users/sign_in" for 58.7.233.232 at 2014-05-17 08:46:59 +0000
2014-05-17T08:46:59.603819+00:00 app[web.2]: App 120 stdout: Processing by Devise::SessionsController#create as HTML
2014-05-17T08:46:59.603854+00:00 app[web.2]: App 120 stdout:   Parameters: {"utf8"=>"✓", "authenticity_token"=>"GalqKSrYuU2l9o2vxo3aWeqf4Xfvy+g5GAWbSXC6pvc=", "user"=>{"email"=>"admin.user@domain.com", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2014-05-17T08:46:59.957414+00:00 heroku[router]: at=info method=POST path=/users/sign_in host=slapp.herokuapp.com request_id=f58dcf4f-a95f-4280-b0f9-4de593992774 fwd="58.7.233.232" dyno=web.2 connect=2ms service=599ms status=302 bytes=1408
2014-05-17T08:47:00.223198+00:00 heroku[router]: at=info method=GET path=/ host=slapp.herokuapp.com request_id=ddb2c5cc-0cc1-401b-ae98-b3c84a0fd8f7 fwd="58.7.233.232" dyno=web.1 connect=0ms service=15ms status=302 bytes=1178
2014-05-17T08:47:00.722430+00:00 heroku[router]: at=info method=GET path=/users/sign_in host=slapp.herokuapp.com request_id=20ab26a9-6b46-4b12-8019-a297fa63d324 fwd="58.7.233.232" dyno=web.2 connect=1ms service=49ms status=200 bytes=3069
2014-05-17T08:47:00.603875+00:00 app[web.2]: App 120 stdout: Redirected to https://slapp.herokuapp.com/

2014-05-17T08:47:00.603961+00:00 app[web.2]: App 120 stdout: Completed 302 Found in 547ms (ActiveRecord: 8.4ms)
2014-05-17T08:47:01.037974+00:00 app[web.1]: App 120 stdout: Started GET "/" for 58.7.233.232 at 2014-05-17 08:47:00 +0000
2014-05-17T08:47:01.037983+00:00 app[web.1]: App 120 stdout: Processing by StaticPagesController#index as HTML
2014-05-17T08:47:01.037987+00:00 app[web.1]: App 120 stdout: Completed 401 Unauthorized in 2ms

2014-05-17T08:47:01.604254+00:00 app[web.2]: App 120 stdout:   Rendered layouts/_shim.html.haml (3.0ms)
2014-05-17T08:47:01.604275+00:00 app[web.2]: App 120 stdout:   Rendered layouts/_navigation.html.haml (4.5ms)
2014-05-17T08:47:01.604377+00:00 app[web.2]: App 120 stdout: Completed 200 OK in 30ms (Views: 22.2ms | ActiveRecord: 0.0ms)
2014-05-17T08:47:01.604203+00:00 app[web.2]: App 120 stdout:   Rendered devise/sessions/new.html.haml within layouts/application (9.5ms)
2014-05-17T08:47:01.604088+00:00 app[web.2]: App 120 stdout: Started GET "/users/sign_in" for 58.7.233.232 at 2014-05-17 08:47:00 +0000
2014-05-17T08:47:01.604302+00:00 app[web.2]: App 120 stdout:   Rendered shared/_flash_messages.html.haml (0.3ms)
2014-05-17T08:47:01.604175+00:00 app[web.2]: App 120 stdout: Processing by Devise::SessionsController#new as HTML
2014-05-17T08:47:01.604335+00:00 app[web.2]: App 120 stdout:   Rendered layouts/_footer.html.haml (0.3ms)

Solution

  • I had this problem too, with Devise 3.2.4, Rails 4.0.5 and Unicorn.

    I generated the secret token and stored it on disk. But each Heroku dyno has its own filesystem, so both dynos had their own secret token. When the request went to the other dyno, it used the other secret token and the session got killed.

    The token must be stored in an env variable and used from secret_token.rb like this:

    YourApp::Application.config.secret_key_base = ENV['SECRET_TOKEN']
    

    Generate the token

    rake secret
    

    And set it with

    heroku config:set SECRET_TOKEN=yourtoken
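
Why a per-dyno secret breaks the login, shown with a simplified model of an HMAC-signed session cookie. This is an added example, not code from the answer or from Rails; the `Dyno` class, `login_survives?` and the sample session are hypothetical, and Rails' real cookie store also derives keys and encrypts the payload.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"

# Simplified model (assumption): the cookie is "base64(payload)--hmac(payload)".
class Dyno
  def initialize(secret)
    # Fail at boot rather than run with a missing secret.
    raise ArgumentError, "secret missing" if secret.nil? || secret.empty?
    @secret = secret
  end

  def issue_cookie(session)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{digest(data)}"
  end

  # Returns the session hash, or nil when the signature does not verify.
  def read_cookie(cookie)
    data, mac = cookie.to_s.split("--", 2)
    return nil if data.nil? || mac.nil?
    return nil unless secure_equal?(mac, digest(data))
    JSON.parse(Base64.strict_decode64(data))
  end

  private

  def digest(data)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, data)
  end

  # Compares every byte so timing does not reveal where the strings differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Mirrors the log above: sign-in is handled by web.2, the redirect by web.1.
def login_survives?(secret_web1, secret_web2)
  session = { "user_id" => 1, "_csrf_token" => "constructed-token" } # constructed sample
  cookie = Dyno.new(secret_web2).issue_cookie(session)
  Dyno.new(secret_web1).read_cookie(cookie) == session
end

# Each dyno generated its own secret on its own filesystem: session is dropped.
per_dyno = login_survives?(SecureRandom.hex(64), SecureRandom.hex(64))
# Both dynos read one value from config (stand-in for ENV['SECRET_TOKEN']).
shared = SecureRandom.hex(64)
puts "per-dyno secrets: #{per_dyno}, shared secret: #{login_survives?(shared, shared)}"
```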