I submitted a ticket about this, but I thought perhaps I should ping this mailing list as well. When deploying an an app that was upgraded to run on Rails 2.0 and use cookie sessions, users that are logged into the site receive an error: CGI::Session::CookieStore::TamperedWithCookie when they first visit the site. When they refresh once, this error will no longer appear. However, I can''t figure out how to work around them seeing an Application Error screen the first time. Is there any way to rescue_from this error, or otherwise avoid encountering it all together? http://dev.rubyonrails.org/ticket/10427 -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 8 Dec 2007, at 23:48, Trevor Turk wrote:> > I submitted a ticket about this, but I thought perhaps I should ping > this mailing list as well. > > When deploying an an app that was upgraded to run on Rails 2.0 and use > cookie sessions, users that are logged into the site receive an error: > CGI::Session::CookieStore::TamperedWithCookie when they first visit > the > site. When they refresh once, this error will no longer appear. > However, > I can''t figure out how to work around them seeing an Application Error > screen the first time. Is there any way to rescue_from this error, or > otherwise avoid encountering it all together? >If you change the name of the cookie used then the app won''t see the old cookie at all, which should handle things.> http://dev.rubyonrails.org/ticket/10427 > -- > Posted via http://www.ruby-forum.com/. > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung wrote:> If you change the name of the cookie used then the app won''t see the > old cookie at all, which should handle things.I''m still not able to work around this issue. The problem occurs when I change the "secret" used by cookie sessions in config/environment.rb: config.action_controller.session = { :session_key => x, :secret => y } That seems to trigger the TamperedWithCookie, which resolves itself after one refresh. Changing the session_key and the secret at the same time still triggers the error. So, I don''t know what to do! Again, any further help would be much appreciated. Thanks, - Trevor -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Dec 10, 2007, at 2:10 AM, Trevor Turk wrote:> Frederick Cheung wrote: >> If you change the name of the cookie used then the app won''t see the >> old cookie at all, which should handle things. > > I''m still not able to work around this issue. The problem occurs > when I > change the "secret" used by cookie sessions in config/environment.rb: > > config.action_controller.session = { :session_key => x, :secret => y } > > That seems to trigger the TamperedWithCookie, which resolves itself > after one refresh. Changing the session_key and the secret at the same > time still triggers the error. So, I don''t know what to do!It should work, change the value associated to :session_key (which is the name of the cookie) in environment.rb and restart the server. -- fxn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Xavier Noria wrote:> On Dec 10, 2007, at 2:10 AM, Trevor Turk wrote: > It should work, change the value associated to :session_key (which is > the name of the cookie) in environment.rb and restart the server.I''ve added more detail to a Rails Trac ticket, including an example of the error. I''m doing what you suggested, Xavier, and I''m still getting this error. http://dev.rubyonrails.org/ticket/10427 Thanks, - Trevor -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi, Trevor. I had the same problem when I upgraded to 2.0.1 and I got around it by deleting the contents of my tmp/sessions directory. Hope that helps! Katie On Dec 12, 7:54 pm, Trevor Turk <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Xavier Noria wrote: > > On Dec 10, 2007, at 2:10 AM, Trevor Turk wrote: > > It should work, change the value associated to :session_key (which is > > the name of the cookie) in environment.rb and restart the server. > > I''ve added more detail to a Rails Trac ticket, including an example of > the error. I''m doing what you suggested, Xavier, and I''m still getting > this error. > > http://dev.rubyonrails.org/ticket/10427 > > Thanks, > - Trevor > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Katie Kelly wrote:> I had the same problem when I upgraded to 2.0.1 and I got around it by > deleting the contents of my tmp/sessions directory. Hope that helps!I was using the database for sessions, so that''s not the problem. Thanks for the reply, though! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Trevor Turk wrote:> Katie Kelly wrote: >> I had the same problem when I upgraded to 2.0.1 and I got around it by >> deleting the contents of my tmp/sessions directory. Hope that helps! > > I was using the database for sessions, so that''s not the problem. Thanks > for the reply, though!I had the same problem then I got around it by deleting the contents from sessions table. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---