Search code examples
ruby-on-railssslnginxpassengerphusion

How do I get Nginx and Phusion Passenger to maintain sessions between two Rails instances?


I'm using Nginx with Phusion Passenger to run a Rails app on an EC2 CentOS machine.

I have a pretty standard set up with Nginx, Rails, Phusion Passenger and SSL (I think). My nginx.conf is below. So far it has worked out fine except that every time two requests hit the server at the same time, a new Rails instance is created to serve the second request.

The problem is that once the second request is directed to the newly created Rails instance, it loses the authenticated session from the original Rails instance, resulting in errors. My sessions are stored in memory.

As a workaround, I've set passenger_max_instances_per_app to 1 so on new Rails instances are created, but this is only a temporary fix.

Does anyone know how to make Nginx maintain the same session for requests from the same source? I might be missing something obvious here.

Thanks!

worker_processes  1;  

events {
    worker_connections  1024;
}

http {
    ...
    passenger_pool_idle_time 0;
    passenger_max_instances_per_app 1;

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on; 
    keepalive_timeout  65;   

    # this server isn't rails enabled. 
    # will redirect all traffic to https
    server {
        listen       80; 
        server_name  example.com;
        rewrite ^ https://www.example.com$request_uri permanent;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }   
    }   

    # HTTPS server
    # - by default everything is served by https
    server {
        listen       443;
        server_name  www.example.com;
        root   /rails/root/public;
        passenger_enabled on;
        rails_env production;

        ssl                  on;
        ssl_certificate      /path/to/cert/www.example.com.crt;
        ssl_certificate_key  /path/to/cert/www.example.com.key;
        ssl_session_timeout  5m;
    }
}

Solution

  • We generally have passenger_max_pool_size 2; unless we leave it out entirely (taking the default setting) and the two settings you're specifying, passenger_pool_idle_time and passenger_max_instances_per_app we also leave to the default.

    The session key should be kept in a cookie so Rails can look it up between requests. Assuming that's working properly, the problem is that multiple Rails instances aren't sharing memory (feature, not a bug - they're processes, not threads) and therefore don't share session data. Try moving your session information into ActiveRecord:

    # Use the database for sessions instead of the cookie-based default,
    # which shouldn't be used to store highly confidential information
    # (create the session table with "rake db:sessions:create")
    ActionController::Base.session_store = :active_record_store
    

    (the above code is in config/initializers/session_store.rb)

    That way, because the data store is accessibly to multiple Rails processes, they should all have access to the same pool of active sessions.