This project is archived and is in readonly mode.

#2093 ✓invalid

Session-Cookie appearing in content

Reported by Tobsch | February 27th, 2009 @ 11:44 AM | in 2.x

Hi there,

I have a problem with session cookies appearing in the content (on beginning of html output). like this: Set-Cookie: _wgspion_session=BAh7CjoPc2Vzc2lvbl9pZCIlY2FlOTg0YWY5M2FkNmI5Zjc2MmQ4OGQyMDgyM2EyYzQ6D3RyYWNrZWRfaXBUOgx1c2VyX2lkaQL6HCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgplcnJvciIWZmxhc2gubG9naW4uZXJyb3IGOgpAdXNlZHsGOwlUOgljaXR5IgxIYW1idXJn--b3e3d16abded5ecf6612e1ff9e9c2afab4d85e66; path=/; HttpOnly

Its the latest Edge. I'm using Rack 0.9.0, the newest mod_rails and apache 2.



Comments and changes to this ticket

  • Tobsch

    Tobsch February 27th, 2009 @ 11:45 AM

    See the attached image...

  • David Smalley

    David Smalley March 2nd, 2009 @ 01:56 PM

    I am also seeing this issue, will investigate

  • David Smalley

    David Smalley March 2nd, 2009 @ 02:15 PM

    I wasn't able to precisely pin down at what point the Set-Cookie line gets added into the body. I was able to fix the issue by switching to the :active_record_store instead of using the cookie sessions.

    It seems the issue only appears in cookie based sessions and only if you start setting extra cookies.

    In my case I am using an old version of the restful_authentication plugin and it is only if the remember_me cookie is set that the session cookie gets printed into the body.

    e.g. cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }

    Then the Set-Cookie line appears in the body of the page, but only contains the session cookie.

    Checking headers in Firebug the "Cookie:" header contains both the auth_token and the session cookie.

    Will continue to investigate...

  • thedarkone

    thedarkone March 2nd, 2009 @ 04:34 PM

    Upgrade to Passenger 2.1, it should be fixed there.

  • Richard Poirier

    Richard Poirier March 4th, 2009 @ 06:46 AM

    Same problem here. Anywhere I was setting a cookie in the app now puts it in the body of the response. This is with Passenger 2.0.6. It doesn't happen on mongrel.

  • richy zhang

    richy zhang March 6th, 2009 @ 11:09 AM

    I have such a problem with Passenger 2.0.6 too. However, after Passenger is upgraded to 2.1.1, the problem disappears. This version of passenger is still in beta, so you can't get it from rubyforge. You may take a look at their blog(>

  • James Chen

    James Chen March 8th, 2009 @ 04:33 AM

    Same problem here. Upgrading to Passenger 2.1.1(beta) solved the problem.

  • Pratik

    Pratik March 8th, 2009 @ 12:01 PM

    • Assigned user set to “Pratik”
    • State changed from “new” to “invalid”

    Hongli confirmed upgrading to passenger 2.1.1 solves the problem.


Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>