Jemmaniam
2011-Feb-03 15:01 UTC
Problem with reset session cookies causing session sharing in an unstable network.
I was wondering if anyone might help me with a peculiar problem. We are having a problem with our network that is resulting in, say, UserA getting UserB''s response, resulting in his session cookie being reset and two users sharing the same session, UserB''s. Not good I know. Question: Why does Rails pass the session cookie in every response and is it possible to turn that off? Any pointers to where to look in the code, or a better place to ask the question, are appreciated -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Matt Jones
2011-Feb-04 18:16 UTC
Re: Problem with reset session cookies causing session sharing in an unstable network.
On Feb 3, 10:01 am, Jemmaniam <j.mark.bro...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I was wondering if anyone might help me with a peculiar problem. We > are having a problem with our network that is resulting in, say, UserA > getting UserB''s response, resulting in his session cookie being reset > and two users sharing the same session, UserB''s. Not good I know. > Question: Why does Rails pass the session cookie in every response > and is it possible to turn that off?That''s pretty much how cookies work, so I doubt there''s going to be a way to switch it off. I''d recommend you figure out what''s gone wrong to cause users to get replies to requests they didn''t make, as it seems to indicate some pretty severe problems at the TCP level... --Matt Jones -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.