#2093 Session-Cookie appearing in content - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#2093 ✓invalid

Session-Cookie appearing in content

Reported by Tobsch | February 27th, 2009 @ 11:44 AM | in 2.x

Hi there,

I have a problem with session cookies appearing in the content (on beginning of html output). like this: Set-Cookie: _wgspion_session=BAh7CjoPc2Vzc2lvbl9pZCIlY2FlOTg0YWY5M2FkNmI5Zjc2MmQ4OGQyMDgyM2EyYzQ6D3RyYWNrZWRfaXBUOgx1c2VyX2lkaQL6HCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgplcnJvciIWZmxhc2gubG9naW4uZXJyb3IGOgpAdXNlZHsGOwlUOgljaXR5IgxIYW1idXJn--b3e3d16abded5ecf6612e1ff9e9c2afab4d85e66; path=/; HttpOnly

Its the latest Edge. I'm using Rack 0.9.0, the newest mod_rails and apache 2.

Best,

Tobias

__WG_Angebote_und_Gesuche_-_Kostenlos_bei_WG-Spion_-_Auch_Nachmieter_und_Zwischenmieter_f_r_Deine_Wohnung_oder_WG.jpg 28.3 KB

Comments and changes to this ticket

You flagged this item as spam.
Tobsch February 27th, 2009 @ 11:45 AM
See the attached image...
You flagged this item as spam.
David Smalley March 2nd, 2009 @ 01:56 PM
I am also seeing this issue, will investigate
You flagged this item as spam.
David Smalley March 2nd, 2009 @ 02:15 PM
I wasn't able to precisely pin down at what point the Set-Cookie line gets added into the body. I was able to fix the issue by switching to the :active_record_store instead of using the cookie sessions.

It seems the issue only appears in cookie based sessions and only if you start setting extra cookies.

In my case I am using an old version of the restful_authentication plugin and it is only if the remember_me cookie is set that the session cookie gets printed into the body.

e.g. cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }

Then the Set-Cookie line appears in the body of the page, but only contains the session cookie.

Checking headers in Firebug the "Cookie:" header contains both the auth_token and the session cookie.

Will continue to investigate...
You flagged this item as spam.
thedarkone March 2nd, 2009 @ 04:34 PM
Upgrade to Passenger 2.1, it should be fixed there.
You flagged this item as spam.
Richard Poirier March 4th, 2009 @ 06:46 AM
Same problem here. Anywhere I was setting a cookie in the app now puts it in the body of the response. This is with Passenger 2.0.6. It doesn't happen on mongrel.
You flagged this item as spam.
richy zhang March 6th, 2009 @ 11:09 AM
I have such a problem with Passenger 2.0.6 too. However, after Passenger is upgraded to 2.1.1, the problem disappears. This version of passenger is still in beta, so you can't get it from rubyforge. You may take a look at their blog(http://blog.phusion.nl/2009/03/0...>
You flagged this item as spam.
James Chen March 8th, 2009 @ 04:33 AM
Same problem here. Upgrading to Passenger 2.1.1(beta) solved the problem.
Pratik March 8th, 2009 @ 12:01 PM
- Assigned user set to “Pratik”
- State changed from “new” to “invalid”
Hongli confirmed upgrading to passenger 2.1.1 solves the problem.

Thanks.