I am noticing a strange behaviour. I am trying to logout user in a custom action in SessionsController and then in JS redirect the user to sign in page. My application is deployed on AWS behind a load balancer.
Below is the relevant session controller and javascript code.
def inactivity
user_signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(:user))
flash.now[:alert] = 'Logged out due to inactivity.'
flash.keep(:alert)
if user_signed_out
head :ok
else
raise "User could not be logged out."
end
end
Session.inactivity().then(function() {
Turbolinks.visit('/users/sign_in');
})
I am seeing in some scenarios instead of user redirecting to sign page, the user is logged in and redirected to home page although in inactive method i sign_out(user).
I checked the logs and see that in such scenarios sign_out is processed by one server and request to redirect to sign_in is processed by another server.
Could it be the case that one server is unaware that user is signed out and hence the user is redirected to the home page?
what could be a possible solution to this issue?
Thanks.
the server do not know about the sessions from other backend-servers if you use the wrong session store. For me it seems you should use the ActiveRecordStore. Then the session data are stored in the database. For more information see https://guides.rubyonrails.org/action_controller_overview.html#session or Does Ruby on Rails ActiveRecordStore work with load balancing across servers?