Wednesday, August 20, 2014
I'm having an issue with my Rails 3.2.19 app.
-- If someone is idle on our site for 20 minutes and they had items in their cart, then on their next request, we clear their cart, redirect them to the homepage and display a message telling them that their session expired.
Roughly this is what happens:
- User clicks anywhere
- before_filter in application_controller determine that user session has expired and that they had items in their cart
- we destroy their session via `reset_session`
- we set up a new session for them
- we redirect them to the home page.
Now here is where things go haywire. When the home page starts to load, the before_filters fire again. Now instead of evaluating the session as recent/not expired, it is evaluated as expired again and they are redirected again. Now we're in an infinite redirect loop.
So, what's going on?
I figured out how to detect that an infinite loop is occurring, so I raise an error as soon as it starts.
Adding some logging and digging into the Exception Notifier emails I receive I observe this:
Error raised at 14:34:43.
Session info (logged first thing in the application_controller before the before_filters start manipulating it): {"session_id"=>"bc9dc91ac0b35af72308f0dfca92fd0c", "_csrf_token"=>"NpDWfN3Re1MAPam6DTd00d9R8bkuowunRrSXBYQrCU=", "updated_at"=>Wed, 20 Aug 2014 13:48:06}
So, the session is expired. Why? Didn't I just create a new one?
I keep digging and see this in the exception email:
* rack.request.cookie_string: _myapp_session=EnCodEdCoOkIeStRiNg1--78426612a47f5de3cc2acff7d99df6cf8395769a; _myapp_session=EnCodEdCoOkIeStRiNg2—e2ddc6d345fd3e9b91322e7194e56145ec6b5721
(I changed the strings, obviously)
There are two keys for my site!
Since this is Rails 3, I decoded both and see that the first one contains the old session info, and the second one contains the newer session info.
Rails (Rack?) keeps loading up the first, older session, which is causing my redirect loop. I believe this is the code responsible for loading the cookie. (env["HTTP_COOKIE"] does contain the same string as rack.request.cookie_string, including the two keys for my app)
So, anybody have any idea why both cookies are present?
I've been searching and haven't found others with this issue.
This doesn't happen to every user.
I've been logging HTTP_USER_AGENT strings, and it's happening in IE, Safari, and an Android browser.
Any help will be appreciated. This is driving me crazy.
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/e16f4ba6-318b-4dbe-988f-19a9824b9f57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment