Users logged out after switching to Redis Cache

Question

Okay,

We are running a Ruby on Rails application, and just recently switched from the standard cookie-store for our sessions to an actual Redis Cache for the session-store.

We're receiving now sporadic reports that people lose their login session and need to login again on the application.

Our Redis is configured tp persist the information, and we are not explicitly calling Rails.cache.clear or anything. The implementation of our Cache looks as follows:

class Application < Rails::Application
  # Redis Cache Configuration.
  config.cache_store = :redis_store, Chamber[:redis][:cache]
  config.session_store :redis_store,
    redis_server: Chamber[:redis][:cache],
    key: Chamber[:redis][:session_key],
    expire_after: 1.year
  config.action_dispatch.rack_cache = {
    metastore: "#{Chamber[:redis][:cache]}/metastore",
    entitystore: "#{Chamber[:redis][:cache]}/entitystore"
  }
end

I'm having a really hard time reproducing the behaviour, or running into the situation myself.

Can anyone who has implemented a similar system provide some feedback/input to the issue at hand?

Answer 1

One of the reason might be CSRF mismatch, this is why the users are been logged off. Check if you have a fragment cached on form's where CSRF are stored in cache, in such case try omitting forms from caching.