This project is archived and is in readonly mode.

#6111 ✓stale

Sessions should not be saved unless dirty [patch]

Reported by Fjan | December 3rd, 2010 @ 01:01 PM

At the moment Rails saves sessions after every request that access the (lazy loaded) session, even if the session has not changed. This has two problems:

  1. Performance: the unnecessary write is wasted CPU cycles and bandwidth (or a useless database access in case of the ActiveRecord store)
  2. There is a very obscure bug in Internet Explorer 7 (only in 7, not IE 6 or 8) that deletes a cookie if it's set on a 304 Not Modified request while inside an iframe.

The second one was actually the reason I needed to create this patch as my app needs to support running inside an iframe on IE7, but the performance benefits are a nice bonus. It only takes about 5 lines of ruby to set a dirty bit and check for it upon saving. Attached is a monkey patch, if there is consensus that this is a good idea I'll work it into a proper patch. I incorporated the patch from 4445 to make it work with expire after too.

Comments and changes to this ticket

  • Fjan

    Fjan December 3rd, 2010 @ 01:23 PM

    Just a small clarification on the obscure IE7 bug in case people want to reproduce it: It only happens in combination with Apache which (correctly) filters P3P headers from 304 requests. A P3P header is needed for all versions of Internet Explorer to accept cookies inside an iframe. The missing header has the effect of IE7 not only rejecting the cookie (which wouldn't be much of a problem) but actively deleting the cookie thereby logging the user out.

  • rails

    rails March 4th, 2011 @ 12:00 AM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • rails

    rails March 4th, 2011 @ 12:00 AM

    • State changed from “open” to “stale”

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

People watching this ticket