This project is archived and is in readonly mode.
class cache should reload in each user session
Reported by yachi | March 16th, 2010 @ 03:59 AM
Let's say I have to set the user's timezone in Time.zone when
the user visits the site, but when an anonymous user comes, the
timezone of the last user is still stored in the Time class. So now I
have to reset Time.zone in every session in production mode. Is
this an expected behaviour?
And another issue I hit with the class cache is that I have some
controllers that users can access without email confirmation
after registration, and the boolean for the confirmation check is stored
in the UserSession (Authlogic) class. So once a user triggers
disable_confirmation_check, other users can access the whole site
without email confirmation.
These do not happen in development mode since classes are reloaded
every time. It may cause security issues if developers are not
aware that what they do involves class variables, which are
only persistent in production mode.
Comments and changes to this ticket
José Valim March 27th, 2010 @ 02:02 PM
- State changed from new to invalid
Yes, those are the expected behaviors. If you store such values in the class, those behaviors will trigger. You need to work on your implementation.
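The sequence described in this ticket, as an added example that is not part of the original ticket and is not Rails or Authlogic code: a long-lived process keeps class-level state between requests, so a value set for one user is still in effect for the next visitor unless every request resets it. `Settings`, `User`, `handle_leaky`, `handle_scoped` and `replay` are hypothetical names, and the sample users are constructed.

```ruby
# Constructed stand-in for state held on a class in a long-lived process.
# All names here are hypothetical; this is not Rails or Authlogic code.
class Settings
  DEFAULT_ZONE = "UTC"
  class << self
    attr_accessor :zone, :skip_confirmation
  end

  def self.reset!
    self.zone = DEFAULT_ZONE
    self.skip_confirmation = false
  end
  reset!
end

User = Struct.new(:name, :zone, :confirmed)

# Access check that consults the class-level flag, as in the ticket.
def allowed?(user)
  Settings.skip_confirmation || (!user.nil? && user.confirmed)
end

# Leaky handler: writes class-level state only when this request supplies a
# value, so whatever the previous request left behind is still in effect.
def handle_leaky(user, skip_confirmation: false)
  Settings.zone = user.zone if user
  Settings.skip_confirmation = true if skip_confirmation
  { zone: Settings.zone, allowed: allowed?(user) }
end

# Scoped handler: starts every request from known defaults and clears the
# state again in ensure, so nothing survives into the next request.
def handle_scoped(user, skip_confirmation: false)
  Settings.reset!
  Settings.zone = user.zone if user
  Settings.skip_confirmation = skip_confirmation
  { zone: Settings.zone, allowed: allowed?(user) }
ensure
  Settings.reset!
end

# Replays the ticket's sequence in one process: an unconfirmed user with a
# time zone disables the confirmation check, then an anonymous visitor arrives.
# Returns what the anonymous visitor's request observed.
def replay(handler)
  Settings.reset!
  send(handler, User.new("alice", "Tokyo", false), skip_confirmation: true)
  send(handler, nil)
end
```

Resetting per request only covers requests served one after another; on a multi-threaded server class-level state is also shared between concurrent requests, so per-user values belong on the request or on an instance rather than on the class.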
Tickets have moved to Github
The new ticket tracker is available at https://github.com/rails/rails/issues