I'm experiencing a bizarre issue with the way Rails stores session IDs for users. I can't imagine this is the intended behavior, but I'm also not sure what I'm doing to cause it to work this way.
I'm using a Redis cache store instead of cookies:
    AppName::Application.config.session_store(
      :cache_store,
      key: '_appname_session',
      secret: 'secret_token',
      secure: true
    )
Where secret_token is a hard-coded token that was generated in the past.
Whenever I log into my application, it creates a cookie:
    Name: _appname_session
    Content: randomly_generated_token
However, if I log out, then log in as a completely different user, randomly_generated_token stays the same.
I'm using authlogic as my authentication library. Any insight as to why this is occurring, or how I can force it to be unique, would be appreciated.
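The behavior described above can be reproduced with a small model. This is an added example, not code from the original post or from Rails or authlogic: it is plain Ruby with a hypothetical `SessionStore` class and `relogin` helper, and it assumes that logout only clears the credential data held under the session ID without issuing a new ID. Rotating the ID at login and logout is the session-fixation defence; in a Rails controller the analogous call is `reset_session`.

```ruby
require 'securerandom'

# Constructed model of a server-side session store (stands in for the
# Redis-backed :cache_store); the cookie carries only the session ID.
class SessionStore
  def initialize
    @data = {}
  end

  # Return [sid, session_hash]; mint a new ID only when the cookie is
  # absent or unknown to the store.
  def load(cookie_sid)
    sid = cookie_sid if cookie_sid && @data.key?(cookie_sid)
    sid ||= SecureRandom.hex(16)
    [sid, (@data[sid] ||= {})]
  end

  # Drop the server-side record and issue a fresh ID (the role that
  # reset_session plays in a Rails controller).
  def reset(cookie_sid)
    @data.delete(cookie_sid)
    load(nil)
  end

  def exists?(sid)
    @data.key?(sid)
  end
end

# Log out user A, then log in user B, and return [sid_before, sid_after].
# rotate: false clears only the credential key, so the ID survives.
# rotate: true resets the session at both authentication boundaries.
def relogin(store, rotate:)
  sid, session = store.load(nil)          # first visit, cookie set
  session[:user_id] = 'user_a'            # login as A
  before = sid

  if rotate
    sid, session = store.reset(sid)       # logout: old record gone, new ID
    sid, session = store.reset(sid)       # login: new ID again
  else
    sid, session = store.load(sid)
    session.delete(:user_id)              # logout: data cleared, ID kept
  end
  session[:user_id] = 'user_b'            # login as B
  [before, sid]
end
```

With `rotate: false` the two returned IDs are identical, matching the unchanged cookie value; with `rotate: true` they differ and the old ID no longer resolves to any server-side record.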