I have a Rails app running on Ubuntu, Nginx, and Thin.
When I stop Nginx and I stop the Thin servers, to a $ cap deploy and then restart Thin and Nginx, I would expect the user to have to log back in. But, they don't.
Is there a way to force them to log-in again?
Thanks!
Users don't have to log back in because their sessions are stored in a persistent session store (typically a database) that Rails doesn't modify between deployments. A logged-in user's browser send cookies on every HTTP request, and Rails authenticates these cookies against the session store. To force users to log back in you have to modify this session store by either deleting records or changing the expiration time.
Assuming you are storing your sessions in a database using ActiveRecord,
rake db:sessions:clear
should force expire all existing sessions by deleting all rows in the table that stores the sessions.