Tags: ruby-on-rails, ruby, usability, protect-from-forgery, expired-sessions

Invalid Authenticity Token after deploy


Whenever I deploy a new version of a Rails app, the authenticity token of the previous release becomes invalid. That's the normal behavior. I'm not looking to change that.

However, any user that still has a page open on the last version will get an invalid token error if they try to do a POST request.

What can I do to stop them from getting these errors?


Solution

  • Where do you store your sessions? Deploying per se will not invalidate sessions if the new code can reach the old sessions (e.g. Cookie, DB or shared folder based sessions).

    Only if you deploy with Capistrano/Webistrano and the sessions are stored in the actual release folder (not the shared folder), then the old sessions will be lost and users need to acquire a new auth_token.

    So, what you can do is try to preserve session data between deploys by using some kind of shared storage.
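
The effect described in the answer above, as an added Ruby simulation that is not part of the original post and is not Rails' own code: a token issued while release 1 is live is checked by release 2, once with sessions kept inside each release directory and once with a shared directory. `FileSessionStore`, `issue_token`, `valid_post?`, `post_survives_deploy?` and the directory layout are hypothetical names chosen for this sketch.

```ruby
require "json"
require "securerandom"
require "tmpdir"
require "fileutils"

# Toy file-backed session store (hypothetical; sid is hex, so safe as a file name).
class FileSessionStore
  def initialize(dir)
    @dir = dir
    FileUtils.mkdir_p(dir)
  end

  def write(sid, data)
    File.write(File.join(@dir, sid), JSON.generate(data))
  end

  def read(sid)
    path = File.join(@dir, sid)
    File.exist?(path) ? JSON.parse(File.read(path)) : nil
  end
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Rendering a form: the token lives in the session and is echoed into the page.
def issue_token(store, sid)
  session = store.read(sid) || {}
  session["_csrf_token"] ||= SecureRandom.base64(32)
  store.write(sid, session)
  session["_csrf_token"]
end

# Handling a POST: a missing session means there is nothing to compare against.
def valid_post?(store, sid, submitted)
  expected = (store.read(sid) || {})["_csrf_token"]
  !expected.nil? && secure_compare(submitted, expected)
end

# Page opened on release "1", form posted after release "2" went live.
def post_survives_deploy?(layout)
  Dir.mktmpdir do |root|
    dir_for = lambda do |release|
      sub = layout == :shared ? %w[shared sessions] : ["releases", release, "tmp", "sessions"]
      File.join(root, *sub)
    end
    sid = SecureRandom.hex(16) # constructed session id, as carried in the user's cookie
    token = issue_token(FileSessionStore.new(dir_for.call("1")), sid)
    valid_post?(FileSessionStore.new(dir_for.call("2")), sid, token)
  end
end
```

With `:release` the second release cannot find the session file, so the POST is rejected even though the submitted token is genuine; with `:shared` the same token verifies.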