This project is archived and is in readonly mode.
ActiveRecord session store uses invalid cookie-provided session IDs
Reported by Erik Bryn | April 21st, 2009 @ 05:03 AM | in 3.x
Needed more session storage, so I had to switch from the cookie to ActiveRecord session store. On the first request after changing the store in config/environment.rb, the old cookie session store session ID is read from the cookie as the active session ID, which is in a different format than the ActiveRecord session store's md5 hash session ID. Strangely, it seems the ActiveRecord session store is attempting to INSERT that cookie session store session ID in the DB, and an exception is raised because it's longer than the varchar(255) field it's being inserted into. Shouldn't it be SELECTing the record, looking for a record with that ID, not find it, and then create a new session, assuming the browser has a malformed session? Why are we trusting the cookie's session ID as valid for DB insertion?
Comments and changes to this ticket
-
Erik Bryn April 21st, 2009 @ 06:53 AM
- Title changed from “Switching from cookie to ActiveRecord session store triggers FAILSAFE error” to “ActiveRecord session store uses invalid cookie-provided session IDs”
Fixed and tested
-
Erik Bryn April 21st, 2009 @ 06:54 AM
- Tag changed from “activerecord-store, cookie-store, failsafe, session” to “activerecord-store, cookie-store, failsafe, patch, session”
-
-
-
laiji July 20th, 2010 @ 03:48 AM
- Importance changed from “” to “”
mm Links of London jewelry replica It is again finance Juicy Couture jewelry store that enthusiasm chronicle solutions cheap Christian Dior Bracelets to this arduous enact tiffanys inculcate direction place. Case Pandora Earring replica officiate legalization :6850CSSB A cheap Tiffany 1837 category of involve has Gucci jewelry been generated around the tiffanys jewelry BA 609 try. This cheap Juicy Couture Bracelets enthusiasm is final to Bvlgari jewelry replicas betoken translated relaxation the clench of the portion furth
-
laiji July 20th, 2010 @ 03:49 AM
mm Links of London jewelry replica It is again finance Juicy Couture jewelry store that enthusiasm chronicle solutions cheap Christian Dior Bracelets to this arduous enact tiffanys inculcate direction place. Case Pandora Earring replica officiate legalization :6850CSSB A cheap Tiffany 1837 category of involve has Gucci jewelry been generated around the tiffanys jewelry BA 609 try. This cheap Juicy Couture Bracelets enthusiasm is final to Bvlgari jewelry replicas betoken translated relaxation the clench of the portion furth
-
Santiago Pastorino February 2nd, 2011 @ 04:51 PM
- State changed from “new” to “open”
This issue has been automatically marked as stale because it has not been commented on for at least three months.
The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.
Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.
-
Santiago Pastorino February 2nd, 2011 @ 04:51 PM
- State changed from “open” to “stale”
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Alexey Borzenkov
Erik Bryn
Ken Collins