This project is archived and is in readonly mode.
Session cookie not sent with activerecord or memcache store in Rails 2.3.9
Reported by Mislav | September 8th, 2010 @ 02:27 PM
Commit f8f3653 broke
setting the session ID cookie for requests without 'HTTP_COOKIE'
header
when using activerecord or memcache store. Integration tests didn't
catch this because they
always set the HTTP_COOKIE header for mock requests, so now this is
changed to only set the
header if there are cookies.
Comments and changes to this ticket
-
Mislav September 8th, 2010 @ 03:00 PM
Just published an unobtrusive fix for existing apps.
wget http://gist.github.com/570149.txt -O config/initializers/sessions_patch.rb -
Repository September 8th, 2010 @ 05:03 PM
- State changed from “new” to “committed”
(from [c6e33d30c1fe02e5729a269ab577967fb59a5e6c]) fix setting session cookie with activerecord and memcache store
Commit f8f3653 broke setting the session ID cookie for requests without 'HTTP_COOKIE' header
when using activerecord or memcache store. Integration tests didn't catch this because they
always set the HTTP_COOKIE header for mock requests, so now this is changed to only set the
header if there are cookies.[#5581 state:committed]
Signed-off-by: Santiago Pastorino santiago@wyeworks.com
http://github.com/rails/rails/commit/c6e33d30c1fe02e5729a269ab57796... -
Josh Goebel September 8th, 2010 @ 06:11 PM
Is this going to result in a 2.3.10? Seems like a pretty serious issue that would affect a lot of people, no? Or has everyone moved on to Cookie store?
-
sowersb September 8th, 2010 @ 09:14 PM
I'd like to know too if there is a Rails 2.3.10 being planned. I'm using ActiveRecord as the session store in my app due to data sensitivity and this bug killed by 2.3.9 upgrade. There are still a lot of valid reasons for not using cookies to store sessions - data sensitivity and the bandwidth used to upload all session data on every request are the two biggest that I can think of.
-
Michael Koziarski September 8th, 2010 @ 09:49 PM
- Importance changed from “” to “Low”
Yes, this justifies a 2.3.10 release
-
Elise Huard September 13th, 2010 @ 04:05 PM
+1 it stopped us upgrading.
Mislav's fix will do us for now, but it doesn't make a great impression when an app just plum stops working on upgrade. We have an ActiveRecord session store.
-
-
Brian Jensen October 8th, 2010 @ 09:27 AM
+1
Broken here as well. Mislavs patch has fixed it for now
-
Sébastien Grosjean - ZenCocoon October 13th, 2010 @ 01:40 PM
+1 Broken too. Mislav's patch temporary used as fix.
-
Mislav October 13th, 2010 @ 05:27 PM
Guys, I appreciate the +1s, but the core team were already aware and will incorporate this in the next release. If you want to nudge them to release sooner, write on the core mailing list! Thanks ;)
-
Repository October 29th, 2010 @ 07:28 AM
(from [ddf73603c1aeb6be3fd8619c7c0054d4cd6528c8]) Backport of documentation fixes:
cfc8c7ab54173c4f28776a69de23028d771f6e24 dfebdb1b033c033b7a39615a39d9d4ac3052e61d
[#5520] [#5537] [#5581] http://github.com/rails/rails/commit/ddf73603c1aeb6be3fd8619c7c0054...
-
-
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
People watching this ticket
jcapote (at gmail)
Andrew White
Jeremy Kemper
Michael Koziarski
Mislav
Referenced by
-
5581
Session cookie not sent with activerecord or memcache store in Rails 2.3.9
[#5581 state:committed]
-
5537
Script tag in prototype_helper rdoc causing formatting issue in API
[#5520] [#5537] [#5581]
http://github.com/rails/rails/co...
-
5581
Session cookie not sent with activerecord or memcache store in Rails 2.3.9
[#5520] [#5537] [#5581]
http://github.com/rails/rails/co...
-
5520
Online Rails 3 documentation has unescaped <script> tags
[#5520] [#5537] [#5581]
http://github.com/rails/rails/co...