ruby-on-rails - Dyno 从 1 增加到 2 会产生authenticity_token 错误

Question

我是 Rails 和 Heroku 的新手，并且创建了一个基本的应用程序。过去几周我一直在 Heroku 中仅使用 1 个 dyno。现在我已经增加到两个并且收到 CSRF 错误，因为一旦涉及第二个测功机，真实性 token 就会被重置。至少我是这么认为的。但我仍在学习。

我在播客等中听说过很多关于 Resque、Sidekiq、memcached 和 dalli 的内容。这是我需要去学习的东西，这样我就可以弄清楚如何保留这个用户 session ，为什么有多个测功机。

这是 an early question 的后续内容但我不确定它们是否相关。我还和 phusion 乘客一起运行。

2014-05-17T08:46:59.603754+00:00 app[web.2]: App 120 stdout: Started POST "/users/sign_in" for 58.7.233.232 at 2014-05-17 08:46:59 +0000
2014-05-17T08:46:59.603819+00:00 app[web.2]: App 120 stdout: Processing by Devise::SessionsController#create as HTML
2014-05-17T08:46:59.603854+00:00 app[web.2]: App 120 stdout:   Parameters: {"utf8"=>"✓", "authenticity_token"=>"GalqKSrYuU2l9o2vxo3aWeqf4Xfvy+g5GAWbSXC6pvc=", "user"=>{"email"=>"<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1e7f7a737770306b6d7b6c5e7a71737f7770307d7173" rel="noreferrer noopener nofollow">[email protected]</a>", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2014-05-17T08:46:59.957414+00:00 heroku[router]: at=info method=POST path=/users/sign_in host=slapp.herokuapp.com request_id=f58dcf4f-a95f-4280-b0f9-4de593992774 fwd="58.7.233.232" dyno=web.2 connect=2ms service=599ms status=302 bytes=1408
2014-05-17T08:47:00.223198+00:00 heroku[router]: at=info method=GET path=/ host=slapp.herokuapp.com request_id=ddb2c5cc-0cc1-401b-ae98-b3c84a0fd8f7 fwd="58.7.233.232" dyno=web.1 connect=0ms service=15ms status=302 bytes=1178
2014-05-17T08:47:00.722430+00:00 heroku[router]: at=info method=GET path=/users/sign_in host=slapp.herokuapp.com request_id=20ab26a9-6b46-4b12-8019-a297fa63d324 fwd="58.7.233.232" dyno=web.2 connect=1ms service=49ms status=200 bytes=3069
2014-05-17T08:47:00.603875+00:00 app[web.2]: App 120 stdout: Redirected to https://slapp.herokuapp.com/

2014-05-17T08:47:00.603961+00:00 app[web.2]: App 120 stdout: Completed 302 Found in 547ms (ActiveRecord: 8.4ms)
2014-05-17T08:47:01.037974+00:00 app[web.1]: App 120 stdout: Started GET "/" for 58.7.233.232 at 2014-05-17 08:47:00 +0000
2014-05-17T08:47:01.037983+00:00 app[web.1]: App 120 stdout: Processing by StaticPagesController#index as HTML
2014-05-17T08:47:01.037987+00:00 app[web.1]: App 120 stdout: Completed 401 Unauthorized in 2ms

2014-05-17T08:47:01.604254+00:00 app[web.2]: App 120 stdout:   Rendered layouts/_shim.html.haml (3.0ms)
2014-05-17T08:47:01.604275+00:00 app[web.2]: App 120 stdout:   Rendered layouts/_navigation.html.haml (4.5ms)
2014-05-17T08:47:01.604377+00:00 app[web.2]: App 120 stdout: Completed 200 OK in 30ms (Views: 22.2ms | ActiveRecord: 0.0ms)
2014-05-17T08:47:01.604203+00:00 app[web.2]: App 120 stdout:   Rendered devise/sessions/new.html.haml within layouts/application (9.5ms)
2014-05-17T08:47:01.604088+00:00 app[web.2]: App 120 stdout: Started GET "/users/sign_in" for 58.7.233.232 at 2014-05-17 08:47:00 +0000
2014-05-17T08:47:01.604302+00:00 app[web.2]: App 120 stdout:   Rendered shared/_flash_messages.html.haml (0.3ms)
2014-05-17T08:47:01.604175+00:00 app[web.2]: App 120 stdout: Processing by Devise::SessionsController#new as HTML
2014-05-17T08:47:01.604335+00:00 app[web.2]: App 120 stdout:   Rendered layouts/_footer.html.haml (0.3ms)

Answer 1

我也遇到了这个问题，使用 devise 3.2.4、rails 4.0.5 和 unicorn。

我生成了 secret token 并将其存储到磁盘上。但每个 heroku dyno 都有自己的文件系统，因此两个 dyno 都有自己的 secret token 。当请求发送到另一个 dyno 时，它使用了另一个 secret token ，并且 session 被终止。

token 必须存储到 env 变量中并从 Secret_token.rb 中使用，如下所示:

YourApp::Application.config.secret_key_base = ENV['SECRET_TOKEN']

生成 token

rake secret

并设置它

heroku config:set SECRET_TOKEN=yourtoken