Invalidating a session in

grants access to whatever data and functionalities are defined to be session-based.What is usually done is: From your question, I suppose that you would like the browser "closure" to act like a logout button.This should be done by server-side check: On each (valid) request, store the request time in/for this session.Whenever a subsequent request is made, check the current time against the previous request time.However, as soon as the system moved to two dynos or more, servers running on different dynos may handle different requests, meaning that different requests will have different views of server-local data.

The session affinity mechanism will resume from that endpoint, but the original one will be abandoned. Session affinity is usually an optimization and not a replacement for long-lived connections.

They can, more or less, assume that what worked for a single-dyno system can keep working when you add more dynos.

In a system without session affinity, if the programmer developed a way to store user data in memory (and nowhere else), this would work fine on one dyno.

Heroku’s session affinity mechanism has the following properties: The requirement for HTTP cookies is there because it has been judged the most reliable and least invasive means by which to offer session affinity (compared with other means such as IP addresses or URL-based mechanisms).

As soon as the feature is enabled on an application, the Heroku router will start adding an HTTP cookie named to every new request and response.

Leave a Reply