This project is archived and is in readonly mode.

#3360 ✓stale
Tarmo Lehtpuu

message_verifier.verify - fails when cookie doesn't contain '--'

Reported by Tarmo Lehtpuu | October 9th, 2009 @ 04:48 PM

data, digest = signed_message.split("--")

The above line in message_verifier.verify causes the below error when signed_message doesn't contain '--'.

You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occurred while evaluating nil.length
/Library/Ruby/Gems/1.8/gems/activesupport-2.3.4/lib/active_support/message_verifier.rb:43:in `secure_compare'
/Library/Ruby/Gems/1.8/gems/activesupport-2.3.4/lib/active_support/message_verifier.rb:28:in `verify'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/cookie_store.rb:156:in `unmarshal'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/cookie_store.rb:145:in `load_session'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/abstract_store.rb:62:in `send'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/abstract_store.rb:62:in `load!'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/abstract_store.rb:70:in `stale_session_check!'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/abstract_store.rb:61:in `load!'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.4/lib/action_controller/session/abstract_store.rb:28:in `[]'

This happens, for example, when switching from a memcached-based session store to the cookie session store: all existing sessions will be invalid until the browser is at least restarted.

As a temporary workaround we used the following before filter to delete invalid cookies:

before_filter :delete_broken_cookies

def delete_broken_cookies
  if cookies['_some_session_id'] && cookies["_some_session_id"] !=~ /--/
    cookies.delete '_some_session_id'    
    redirect to root_path and return false
  end
end
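
The failure reported above and one way to make the check fail closed, as an added Ruby example that is neither ActiveSupport's code nor the reporter's. `SketchVerifier`, `verify_unchecked`, the secret and the sample cookie value are hypothetical names and constructed values.

```ruby
require 'openssl'
require 'base64'

# Hypothetical stand-in for the verifier pattern in the ticket; not ActiveSupport's code.
class SketchVerifier
  class InvalidSignature < StandardError; end

  def initialize(secret); @secret = secret; end

  def generate(value)
    data = Base64.strict_encode64(value)
    "#{data}--#{digest_for(data)}"
  end

  # Pattern from the ticket: digest is nil when the message has no "--",
  # so secure_compare raises NoMethodError on nil.length.
  def verify_unchecked(signed_message)
    data, digest = signed_message.split("--")
    raise InvalidSignature unless secure_compare(digest, digest_for(data))
    Base64.strict_decode64(data)
  end

  # Hardened: accept only "<data>--<digest>" with both parts present,
  # and check the shape before the digest is ever compared.
  def verify(signed_message)
    parts = signed_message.to_s.split("--", -1)
    raise InvalidSignature unless parts.length == 2 && parts.none?(&:empty?)
    data, digest = parts
    raise InvalidSignature unless secure_compare(digest, digest_for(data))
    Base64.strict_decode64(data)
  end

  private

  def digest_for(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), @secret, data)
  end

  # Constant-time comparison; calls #length on both arguments.
  def secure_compare(a, b)
    return false unless a.length == b.length
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With the hardened `verify`, a cookie left over from another session store raises `InvalidSignature` like any other bad signature, so the caller needs only one rescue path for untrusted cookies.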

Comments and changes to this ticket

  • Tarmo Lehtpuu

    Tarmo Lehtpuu October 9th, 2009 @ 04:56 PM

    • Tag set to active_support, cookiestore, cookie_store, session
  • Jolyon

    Jolyon November 12th, 2009 @ 06:39 PM

    Not sure the regular expression test above is quite right. This worked for me:

    cookies['_some_session_id'] && ! (cookies["_some_session_id"] =~ /--/)
    end
    
  • Todd Persen

    Todd Persen November 23rd, 2009 @ 05:52 AM

    I think you want to use !~ to achieve the desired effect. Also, the redirect_to was missing the underscore. The cleaned up version should look like:

    before_filter :delete_broken_cookies
    
    def delete_broken_cookies
      if cookies['_some_session_id'] && cookies['_some_session_id'] !~ /--/
        cookies.delete '_some_session_id'    
        redirect_to root_path and return false
      end
    end
    
  • Wesley Moore

    Wesley Moore December 14th, 2009 @ 10:39 PM

    This is the solution I used:

      def delete_broken_cookies
        if cookies['_Radio_session'] && !cookies['_Radio_session'].include?('--')
          reset_session
        end
      end
    
  • Rohit Arondekar

    Rohit Arondekar October 8th, 2010 @ 03:39 AM

    • State changed from “new” to “stale”

    Marking ticket as stale. If this is still an issue, please leave a comment with suggested changes, creating a patch with tests, rebasing an existing patch or just confirming the issue on the latest release or master/branches.

Tickets have moved to Github

The new ticket tracker is available at https://github.com/rails/rails/issues