Rails - Invalid Authenticity Token After Deploy

Question

We\'re using EngineYard Cloud to deploy our Ruby on Rails application. We are running Rails v2.3.3.

EngineYard Cloud deploys to AWS instances in a manner similar to

Answer 1

It sounds like the secret key used for authentication is changing when you redeploy, invalidating all existing sessions.

Do you have the configuration parameter config.action_controller.session set anywhere, and if you do, is there anything which would cause it to change when you redeploy?

One of my apps has it configured in config/environment.rb, and a more recent one (generated with Rails 2.3) has it set in config/initializers/session_store.rb. The setting looks like:

config.action_controller.session = {
    :secret      => 'long-string-of-hex-digits'
  }

If you don't have this configured for some reason, rake secret will generate a key for you, which can then be inserted into your configuration.

(If it is — and it's not being changed by your deployment processes — then I have no idea what's going on.)