I am having a doubt that why my SessionID is changing for each web page after login in ruby-on-rails web application. Generally SessionID will be constant for a user through out the session till the user logoff. But in my case its changing. I am using a ruby webapplication - assancart, I used a python code for getting the cookie data from the cookiejar.
The data in cookie I got it after login is:
BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJTEzZjQ3MWVlYzFjYzEwMWM2MzRlNGYxYWUyYWFkMDVhBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUNHNmQ0c3V3bGFKVXZnTE11cllEdEViQW1kTUh2QW8yYmxQV2ZIRTlxeGc9BjsARg%3D%3D--e7a7067f9124f0e9524ad580acd3461240df9a95
When I decode it, I got
{"session_id"=>"13f471eec1cc101c634e4f1ae2aad05a",
"_csrf_token"=>"CG6d4suwlaJUvgLMurYDtEbAmdMHvAo2blPWfHE9qxg="}
When I click a link in that page (after login) and again tried to read cookie, then I got cookie data as:
BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJWE1YzJhY2QyM2I1ZWJiZTZkNGJhODI2MTE5MDRhYjg2BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMWVJdjZkWnE4QnJVeXFQV2JiUnZ4b1VqOWQwL2IzLzI1QThhRDJaRmo1MjQ9BjsARg%3D%3D--ffdc5c4a36a476d0b2f5ccf7917ca74a6687a42f
When I decode the above result, I got:
{"session_id"=>"a5c2acd23b5ebbe6d4ba82611904ab86",
"_csrf_token"=>"eIv6dZq8BrUyqPWbbRvxoUj9d0/b3/25A8aD2ZFj524="}
When I compare both the SessionID it differs, but SessionID must be same for throughout the login. Why it is happening to me like that.
Other thing I want to know is cookies will have session values also, but I am not getting that session values such as session role, etc etc, when I am reading cookie.
Can any one give me a answer for this?