SSO and Rails Sessions

I am currently integrating my company's SSO solution with my Rails 3.1.3 application.

I am using Apache with SiteMinder enabled. SiteMinder redirects the request based on their SSO authentication status. After authentication, SiteMinder then redirects EVERY request to its central URL to see if the authentication token has expired. It re-builds the authentication token, and then redirects back to my Rails application.

While this is happening, my users' Rails sessions are reset at seemingly random intervals. I know this because the session id cookie value is changing.

This only happens when SiteMinder is enabled. When I turn it off, Rails sessions are saved as expected.

What is the conflict? Does Rails somehow know about the redirection that happens with the SiteMinder module? My application is deployed using Passenger; if I change the PassengerSpawnMethod method to conservative, will this help?
