424 2 true 2009-02-13T01:25:01+00:00 23021 2009-01-31T00:00:00+00:00 1957 sessions-break-in-23-with-mongrel 40 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-18T19:40:23+00:00 17104 Luigi Montanez Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 Starting Mongrel with the following command while using Rails v2.3.0 (git tag) and cookie stored sessions prevents any updates to my session from getting communicated back to the browser. The only test I have at the moment is to start Mongrel using "mongrel_rails start -d --port=3001 --environment=development --pid `pwd`/tmp/pids/mongrel_selenium.pid" and to do something such as a login. I don't have this problem using Passenger, Thin, or ./script/server with Mongrel. Scott Taylor posted a comment regarding his experience with this issue over at http://rails.lighthouseapp.com/projects/8994/tickets/1823-bugpatch-response-and-request-objects-dont-use-the-same-session My Mongrel version is 1.1.5. Starting Mongrel with the following command while using Rails v2.3.0 (git tag) and cookie stored sessions prevents any updates to my session from getting communicated back to the browser. The only test I have at the moment is to start Mongrel using "mongrel_rails start -d --port=3001 --environment=development --pid `pwd`/tmp/pids/mongrel_selenium.pid" and to do something such as a login. I don't have this problem using Passenger, Thin, or ./script/server with Mongrel. Scott Taylor posted a comment regarding his experience with this issue over at http://rails.lighthouseapp.com/projects/8994/tickets/1823-bugpatch-response-and-request-objects-dont-use-the-same-session My Mongrel version is 1.1.5. <div><p>Starting Mongrel with the following command while using Rails v2.3.0 (git tag) and cookie stored sessions prevents any updates to my session from getting communicated back to the browser.</p> <p>The only test I have at the moment is to start Mongrel using "mongrel_rails start -d --port=3001 --environment=development --pid <code>pwd</code>/tmp/pids/mongrel_selenium.pid" and to do something such as a login.</p> <p>I don't have this problem using Passenger, Thin, or ./script/server with Mongrel. Scott Taylor posted a comment regarding his experience with this issue over at <a href="http://rails.lighthouseapp.com/projects/8994/tickets/1823-bugpatch-response-and-request-objects-dont-use-the-same-session"> http://rails.lighthouseapp.com/p...</a></p> <p>My Mongrel version is 1.1.5.</p></div> 0 Starting Mongrel with the following command while using Rails v2.3.0 (git tag) and cookie stored sessions prevents any updates to my session from getting communicated back to the browser. The only test I have at the moment is to start Mongrel using "mongrel_rails start -d --port=3001 --environment=development --pid `pwd`/tmp/pids/mongrel_selenium.pid" and to do something such as a login. I don't have this problem using Passenger, Thin, or ./script/server with Mongrel. Scott Taylor posted a comment regarding his experience with this issue over at http://rails.lighthouseapp.com/projects/8994/tickets/1823-bugpatch-response-and-request-objects-dont-use-the-same-session My Mongrel version is 1.1.5. <div><p>Starting Mongrel with the following command while using Rails v2.3.0 (git tag) and cookie stored sessions prevents any updates to my session from getting communicated back to the browser.</p> <p>The only test I have at the moment is to start Mongrel using "mongrel_rails start -d --port=3001 --environment=development --pid <code>pwd</code>/tmp/pids/mongrel_selenium.pid" and to do something such as a login.</p> <p>I don't have this problem using Passenger, Thin, or ./script/server with Mongrel. Scott Taylor posted a comment regarding his experience with this issue over at <a href="http://rails.lighthouseapp.com/projects/8994/tickets/1823-bugpatch-response-and-request-objects-dont-use-the-same-session"> http://rails.lighthouseapp.com/p...</a></p> <p>My Mongrel version is 1.1.5.</p></div> false 2009-02-13T01:25:02+00:00 23021 --- {} 9903 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bugs cookiestore sessions 2009-02-13T01:25:07+00:00 23021 Nolan Eakins Nolan Eakins http://rails.lighthouseapp.com/projects/8994/tickets/1957 2.x 0 See the comments in #1823 for more info <div><p>See the comments in <a href="/projects/8994/tickets/1823" title="Ticket #1823">#1823</a> for more info</p></div> false 2009-02-13T01:48:19+00:00 23021 --- {} 9903 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bugs cookiestore sessions 2009-02-13T01:48:20+00:00 13817 Scott Taylor Nolan Eakins http://rails.lighthouseapp.com/projects/8994/tickets/1957 2.x 0 Nolan - Can you try out the patch I'm attaching to this ticket? It looks like the Set-Cookie header isn't being set properly. Mongrel expects an options hash like {:Set-Cookie => "var=value"}, but occasionally an array will be given instead, like so: {"Set-Cookie" => ["var=value", "var2=value"]} Looks like thin handles these nested values. Mongrel doesn't, and ends up sending the header "Set-Cookie: " - i.e., with an empty value. <div><p>Nolan - Can you try out the patch I'm attaching to this ticket?<br></p> <p>It looks like the Set-Cookie header isn't being set properly. Mongrel expects an options hash like {:Set-Cookie =&gt; "var=value"}, but occasionally an array will be given instead, like so: {"Set-Cookie" =&gt; ["var=value", "var2=value"]}</p> <p>Looks like thin handles these nested values. Mongrel doesn't, and ends up sending the header "Set-Cookie: " - i.e., with an empty value.</p></div> false 2009-02-13T04:51:23+00:00 23021 --- :tag: 2.3 actionpack bugs cookiestore sessions 9903 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-13T04:51:26+00:00 13817 Scott Taylor Nolan Eakins http://rails.lighthouseapp.com/projects/8994/tickets/1957 2.x 1 Actually, try the following patch. The code is a bit cleaner. <div><p>Actually, try the following patch. The code is a bit cleaner.</p></div> false 2009-02-13T04:56:36+00:00 23021 --- {} 9903 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-13T04:56:41+00:00 13817 Scott Taylor Nolan Eakins http://rails.lighthouseapp.com/projects/8994/tickets/1957 2.x 2 Well Scott, your patch seemed to fix the issue I was having. Congrats. Now to annoy a comitter... <div><p>Well Scott, your patch seemed to fix the issue I was having. Congrats.</p> <p>Now to annoy a comitter...</p></div> false 2009-02-14T01:26:53+00:00 23021 --- {} 9903 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T01:26:59+00:00 23021 Nolan Eakins Nolan Eakins http://rails.lighthouseapp.com/projects/8994/tickets/1957 2.x 424 2 false 2009-02-14T03:44:25+00:00 23021 --- :milestone: 9903 :assigned_user: 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T03:44:32+00:00 424 Joshua Peek Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 The real issue (at least that I'm seeing) is that multiple cookies in a single response are concatenated into a single malformed Set-Cookie header (as if Array#to_s is called) rather than separate headers. The patch prevents this by giving the last cookie precedence but at the cost of limiting a response to setting a single cookie. I've yet to find the proper fix for this issue but -1 on this patch. <div><p>The real issue (at least that I'm seeing) is that multiple cookies in a single response are concatenated into a single malformed Set-Cookie header (as if Array#to_s is called) rather than separate headers. The patch prevents this by giving the last cookie precedence but at the cost of limiting a response to setting a single cookie.</p> <p>I've yet to find the proper fix for this issue but -1 on this patch.</p></div> false 2009-02-14T09:44:47+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T09:44:52+00:00 10222 Tim Pope Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 2 I'm starting to look at this a little deeper. I'm seeing a ton of duplicated cookie building code in ActionPack and Rack. Namely in: * Rails ** actionpack/lib/action_controller/response.rb ** actionpack/lib/action_controller/session/cookie_store.rb * Rack: rack/lib/rack/response.rb Not sure why there needs to be three implementations that at first glance seem to do the same. <div><p>I'm starting to look at this a little deeper. I'm seeing a ton of duplicated cookie building code in ActionPack and Rack. Namely in:</p> <ul> <li>Rails <strong>actionpack/lib/action_controller/response.rb</strong> actionpack/lib/action_controller/session/cookie_store.rb</li> <li>Rack: rack/lib/rack/response.rb</li> </ul> <p>Not sure why there needs to be three implementations that at first glance seem to do the same.</p></div> false 2009-02-14T18:51:40+00:00 23021 --- :assigned_user: 424 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T18:51:46+00:00 23021 Nolan Eakins Nolan Eakins http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Oops. Cleared the assigned user on this ticket. <div><p>Oops. Cleared the assigned user on this ticket.</p></div> false 2009-02-14T18:52:21+00:00 23021 --- :assigned_user: 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T18:52:24+00:00 23021 Nolan Eakins Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Looks like actionpack/lib/action_controller/session/abstract_store.rb also includes the same cookie building snippet as those files. Definitely getting off topic here, but I'm seeing this all over the place: <pre> cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid) cookie << "; domain=#{options[:domain]}" if options[:domain] cookie << "; path=#{options[:path]}" if options[:path] if options[:expire_after] expiry = Time.now + options[:expire_after] cookie << "; expires=#{expiry.httpdate}" end cookie << "; Secure" if options[:secure] cookie << "; HttpOnly" if options[:httponly] headers = response[1] case a = headers[SET_COOKIE] when Array a << cookie when String headers[SET_COOKIE] = [a, cookie] when nil headers[SET_COOKIE] = cookie end end </pre> <div><p>Looks like actionpack/lib/action_controller/session/abstract_store.rb also includes the same cookie building snippet as those files. Definitely getting off topic here, but I'm seeing this all over the place:</p> <pre> cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid) cookie &lt;&lt; "; domain=#{options[:domain]}" if options[:domain] cookie &lt;&lt; "; path=#{options[:path]}" if options[:path] if options[:expire_after] expiry = Time.now + options[:expire_after] cookie &lt;&lt; "; expires=#{expiry.httpdate}" end cookie &lt;&lt; "; Secure" if options[:secure] cookie &lt;&lt; "; HttpOnly" if options[:httponly] headers = response[1] case a = headers[SET_COOKIE] when Array a &lt;&lt; cookie when String headers[SET_COOKIE] = [a, cookie] when nil headers[SET_COOKIE] = cookie end end </pre></div> false 2009-02-14T18:59:17+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T18:59:23+00:00 23021 Nolan Eakins Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 More poking. My finger is tempted to point at the mongrel_rails command for not using Rack. Did come across http://www.ruby-forum.com/topic/154903 which is a thread about this exact issue. <div><p>More poking. My finger is tempted to point at the mongrel_rails command for not using Rack. Did come across <a href="http://www.ruby-forum.com/topic/154903">http://www.ruby-forum.com/topic/...</a> which is a thread about this exact issue.</p></div> false 2009-02-14T20:06:48+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T20:06:51+00:00 23021 Nolan Eakins Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 I commented on Scott's ticket, but I seem to be having a similar problem with Passenger. <div><p>I commented on Scott's ticket, but I seem to be having a similar problem with Passenger.</p></div> false 2009-02-14T21:32:39+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-14T21:32:46+00:00 37717 Josh Pencheon Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 There were some 1.9 spec changes in Rack recently. Headers need to be strings instead of arrays. @@@ ruby cookie = build_cookie(@key, cookie.merge(options)) unless headers[HTTP_SET_COOKIE].blank? headers[HTTP_SET_COOKIE] << "\n#{cookie}" else headers[HTTP_SET_COOKIE] = cookie end @@@ Not sure how this changes things. Can you please try again with edge rails. <div><p>There were some 1.9 spec changes in Rack recently. Headers need to be strings instead of arrays.</p> <pre><code class="ruby"> cookie = build_cookie(@key, cookie.merge(options)) unless headers[HTTP_SET_COOKIE].blank? headers[HTTP_SET_COOKIE] &lt;&lt; &quot;\n#{cookie}&quot; else headers[HTTP_SET_COOKIE] = cookie end </code></pre> <p>Not sure how this changes things. Can you please try again with edge rails.</p></div> false 2009-02-15T00:27:11+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-15T00:27:13+00:00 424 Joshua Peek Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Joshua, I just tried master with `mongrel_rails` and no improvement there. I should give Mongrel's head a try, but a no go w/ 1.1.5 which given my poking around earlier today I'm assuming is not using Rack. <div><p>Joshua, I just tried master with <code>mongrel_rails</code> and no improvement there. I should give Mongrel's head a try, but a no go w/ 1.1.5 which given my poking around earlier today I'm assuming is not using Rack.</p></div> false 2009-02-15T00:35:50+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-15T00:35:53+00:00 23021 Nolan Eakins Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 On edge rails (238a6bb62dc153743a0abc6eb1e35392ac799d65) and passenger (2.0.6, osx), I still have problems setting any kind of cookies. On edge last week (as of feb 10), I had the same problem running mongrel; today, mongrel sets cookies where passenger fails. == the details... Literally spent hours one day last week trying to debug this, and got nowhere. Watching the cookies get set with the charles proxy, my impression was that the header was malformed -- too many newlines I think -- and the cookie header ended up in the content. Testing now again with edge seems to support that -- I'm actually getting "Set-Cookie: _myapp_session=BAh7CToPc2Vzc2lv..." displayed in the browser, before the <!DOCTYPE. ! But there are so many moving parts (rails/rack/passenger) I wasn't sure where to look to narrow down the problem. Hopefully you know where to look? Not sure if I'm doing anything weird -- it's a pretty vanilla resful_auth setup. <div><p>On edge rails (238a6bb62dc153743a0abc6eb1e35392ac799d65) and passenger (2.0.6, osx), I still have problems setting any kind of cookies. On edge last week (as of feb 10), I had the same problem running mongrel; today, mongrel sets cookies where passenger fails.</p> <p>== the details...</p> <p>Literally spent hours one day last week trying to debug this, and got nowhere. Watching the cookies get set with the charles proxy, my impression was that the header was malformed -- too many newlines I think -- and the cookie header ended up in the content. Testing now again with edge seems to support that -- I'm actually getting "Set-Cookie: _myapp_session=BAh7CToPc2Vzc2lv..." displayed in the browser, before the &lt;!DOCTYPE. !</p> <p>But there are so many moving parts (rails/rack/passenger) I wasn't sure where to look to narrow down the problem. Hopefully you know where to look? Not sure if I'm doing anything weird -- it's a pretty vanilla resful_auth setup.</p></div> false 2009-02-15T17:03:47+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-15T17:03:54+00:00 22427 David Reese Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 I take Tim Pope's and Nolan's comments to heart. I'm not super fond of the patch, and there is a crapload of duplicated code (almost all of the session cookie store and the abstract session store are duplicated code). I'll look into searching for all of the places where a cookie may be built into an array, which is the real issue. Does the http spec allow sending multiple Set-Cookie headers? <div><p>I take Tim Pope's and Nolan's comments to heart. I'm not super fond of the patch, and there is a crapload of duplicated code (almost all of the session cookie store and the abstract session store are duplicated code).</p> <p>I'll look into searching for all of the places where a cookie may be built into an array, which is the real issue.</p> <p>Does the http spec allow sending multiple Set-Cookie headers?</p></div> false 2009-02-16T01:23:58+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 new 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-16T01:24:03+00:00 10212 Scott Taylor Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Confirmed. Working on issue. The fix should be applied to ActionController::CGIHandler @@@ $ curl -I localhost:3000/hello HTTP/1.1 200 OK Connection: close Date: Mon, 16 Feb 2009 21:21:35 GMT X-Runtime: 2 ETag: "bea8252ff4e80f41719ea13cdf007273" X-Test: 1 Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0, must-revalidate Content-Length: 14 $ curl -I localhost:3000/hello HTTP/1.1 200 OK Connection: close Date: Mon, 16 Feb 2009 21:21:54 GMT Status: 200 ETag: "bea8252ff4e80f41719ea13cdf007273" X-Runtime: 5 Cache-Control: private, max-age=0, must-revalidate X-Test: 1 2 3 Server: Mongrel 1.1.5 Content-Type: text/html; charset=utf-8 Set-Cookie: Content-Length: 14 @@@ <div><p>Confirmed. Working on issue.</p> <p>The fix should be applied to ActionController::CGIHandler</p> <pre><code> $ curl -I localhost:3000/hello HTTP/1.1 200 OK Connection: close Date: Mon, 16 Feb 2009 21:21:35 GMT X-Runtime: 2 ETag: &quot;bea8252ff4e80f41719ea13cdf007273&quot; X-Test: 1 Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0, must-revalidate Content-Length: 14 $ curl -I localhost:3000/hello HTTP/1.1 200 OK Connection: close Date: Mon, 16 Feb 2009 21:21:54 GMT Status: 200 ETag: &quot;bea8252ff4e80f41719ea13cdf007273&quot; X-Runtime: 5 Cache-Control: private, max-age=0, must-revalidate X-Test: 1 2 3 Server: Mongrel 1.1.5 Content-Type: text/html; charset=utf-8 Set-Cookie: Content-Length: 14 </code></pre></div> false 2009-02-16T21:23:29+00:00 23021 --- :state: new 1957 sessions-break-in-23-with-mongrel 0 8994 open 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-16T21:23:34+00:00 424 Joshua Peek Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 (from [b6e56efe07cb3c2e999216f995403aa9206226a2]) Special case in deprecated CGI proxy layer for Mongrel CGI cookies [#1957 state:resolved] http://github.com/rails/rails/commit/b6e56efe07cb3c2e999216f995403aa9206226a2 <div><p>(from [b6e56efe07cb3c2e999216f995403aa9206226a2]) Special case in deprecated CGI proxy layer for Mongrel CGI cookies [<a href="/projects/8994/tickets/1957" title="Ticket #1957">#1957</a> state:resolved] <a href="http://github.com/rails/rails/commit/b6e56efe07cb3c2e999216f995403aa9206226a2"> http://github.com/rails/rails/co...</a></p></div> true 2009-02-17T04:18:31+00:00 23021 --- :state: open 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T04:18:34+00:00 17393 Repository Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Good job there Josh. Checked out "master" and `mongrel_rails` allowed me to login. Seems to fix my issue. Now I just need a reason to drop Thin. :-) <div><p>Good job there Josh. Checked out "master" and <code>mongrel_rails</code> allowed me to login. Seems to fix my issue. Now I just need a reason to drop Thin. :-)</p></div> true 2009-02-17T05:10:01+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T05:10:04+00:00 23021 Nolan Eakins Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Didn't fix what I assumed was the same issue -- the session isn't working in Passenger either, which Josh Pencheon and I commented on above. On edge after that last commit (b6e56), I still get the "Set-Cookie" header showing up in the rendered HTML. Firefox 3, OSX, Passenger. If I should open a new ticket ("Sessions break in 2.3 with Passenger"), I will, but I don't know much more than I mentioned in my last comment. <div><p>Didn't fix what I assumed was the same issue -- the session isn't working in Passenger either, which Josh Pencheon and I commented on above.</p> <p>On edge after that last commit (b6e56), I still get the "Set-Cookie" header showing up in the rendered HTML. Firefox 3, OSX, Passenger.</p> <p>If I should open a new ticket ("Sessions break in 2.3 with Passenger"), I will, but I don't know much more than I mentioned in my last comment.</p></div> true 2009-02-17T05:23:29+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T05:23:31+00:00 22427 David Reese Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 @David The latest version version of passenger does not support the new rack 1.9 spec yet. I'll hook up with Hongli and we'll get this in. <div><p>@David The latest version version of passenger does not support the new rack 1.9 spec yet. I'll hook up with Hongli and we'll get this in.</p></div> true 2009-02-17T05:33:33+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T05:33:39+00:00 424 Joshua Peek Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 Thanks josh, I missed that somehow. So, all passenger users will have to upgrade (to a future Passenger version) to run 2.3? We should put that in writing somewhere, right? Just so nobody trying to help test 2.3 wastes any time trying to fix their cookies (like i did). <div><p>Thanks josh, I missed that somehow.</p> <p>So, all passenger users will have to upgrade (to a future Passenger version) to run 2.3? We should put that in writing somewhere, right? Just so nobody trying to help test 2.3 wastes any time trying to fix their cookies (like i did).</p></div> true 2009-02-17T05:43:05+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T05:43:09+00:00 22427 David Reese Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 David, I'm not sure. It may be possible for them to release a backwards and forward compat version of passenger. We'll see. Watch the passenger blog for updates: http://blog.phusion.nl/ <div><p>David, I'm not sure. It may be possible for them to release a backwards and forward compat version of passenger. We'll see.</p> <p>Watch the passenger blog for updates: <a href="http://blog.phusion.nl/">http://blog.phusion.nl/</a></p></div> true 2009-02-17T05:58:28+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T05:58:34+00:00 424 Joshua Peek Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 @Joshua -- it's a marketing/documentation thing more than anything -- that nowhere on the blog post about the Rails 2.3 beta, or on the release notes, or the changelog even, does it say anything about the session issue with Passenger. I'm not sure where I file a bug on the release notes? Let me put it another way -- the 2.3RC1 blog post says, "So please help us do thorough testing of this release candidate. Lots of the underpinnings changed. Especially the move to Rack." So how many other people like me are trying it out, trying to be helpful and tracking down bugs, and then getting stuck on the passenger issue? Like, maybe there should be a "Known issues" list or something. Just trying to be helpful here, let me know if there's something I'm missing. <div><p>@Joshua -- it's a marketing/documentation thing more than anything -- that nowhere on the blog post about the Rails 2.3 beta, or on the release notes, or the changelog even, does it say anything about the session issue with Passenger. I'm not sure where I file a bug on the release notes?</p> <p>Let me put it another way -- the 2.3RC1 blog post says, "So please help us do thorough testing of this release candidate. Lots of the underpinnings changed. Especially the move to Rack." So how many other people like me are trying it out, trying to be helpful and tracking down bugs, and then getting stuck on the passenger issue? Like, maybe there should be a "Known issues" list or something.</p> <p>Just trying to be helpful here, let me know if there's something I'm missing.</p></div> true 2009-02-17T17:44:22+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-17T17:44:24+00:00 22427 David Reese Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 424 2 The Phusion guys just fixed the Passenger problem: http://github.com/FooBarWidget/passenger/commit/87db9ab02c0a7ca98de9de62dfaf0c4094873eed Just clone the repo and follow the README. Hurrah! <div><p>The Phusion guys just fixed the Passenger problem:</p> <p><a href="http://github.com/FooBarWidget/passenger/commit/87db9ab02c0a7ca98de9de62dfaf0c4094873eed"> http://github.com/FooBarWidget/p...</a></p> <p>Just clone the repo and follow the README. Hurrah!</p></div> true 2009-02-18T19:40:16+00:00 23021 --- {} 1957 sessions-break-in-23-with-mongrel 0 8994 resolved 2.3 actionpack bug bugs cookiestore patch sessions 2009-02-18T19:40:23+00:00 17104 Luigi Montanez Nolan Eakins Joshua Peek http://rails.lighthouseapp.com/projects/8994/tickets/1957 a7cfa2225b3747cd8bbc223645fdd796a6649ade text/plain 2009-02-13T04:51:23+00:00 tmp.diff 88450 3676 13817 http://rails.lighthouseapp.com/attachments/88450/tmp.diff 14ef320bade44d56c0c37ed46843335f62cc9fe3 text/plain 2009-02-13T04:56:36+00:00 0001-Set-Cookie-header-should-always-be-a-string-never-a.patch 88451 4393 13817 http://rails.lighthouseapp.com/attachments/88451/0001-Set-Cookie-header-should-always-be-a-string-never-a.patch