Rails - Mar 2007 - Edge: Session Cookie Fix Causing Issues for Legacy App

I love the idea of the cookie fix for session storage. But... I''ve gone
round
and round to get edge working with a legacy app and wonder if anyone has any
pointers. Here''s what''s happening. I fresh-installed:

rails foo
cd foo
rake rails:freeze:edge
rake rails:update
-- add secret to environment.rb --

All good, passing tests, no problems with session cookies. Then I cp -r my
application tree over, preserving environment.rb. After that copy, I get:

ArgumentError (`name'' required):
   
/vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie_performance_fix.rb:44:in
`initialize''
   
/vendor/rails/actionpack/lib/action_controller/session/cookie_store.rb:129:in
`new''
   
/vendor/rails/actionpack/lib/action_controller/session/cookie_store.rb:129:in
`write_cookie''
   
/vendor/rails/actionpack/lib/action_controller/session/cookie_store.rb:87:in
`close''
    /opt/local/lib/ruby/1.8/cgi/session.rb:324:in `close''
    /vendor/rails/actionpack/lib/action_controller/base.rb:1209:in
`close_session''
<and other stuff waaaay back in the call tree>

I''ve verified that the cookie name is coming in as empty and the
ArgumentError is being raised for a reason. I just don''t see why that
would
be.

Does anyone have any thoughts about this?

Here''s more about the environment:

About your application''s environment
Ruby version                 1.8.5 (i686-darwin8.8.1)
RubyGems version             0.9.1
Rails version                1.2.0
Active Record version        1.14.4
Action Pack version          1.12.5
Action Web Service version   1.1.6
Action Mailer version        1.2.5
Active Support version       1.3.1
Edge Rails revision          6414
Application root             /Users/sxross/rails/amu_edge
Environment                  development
Database adapter             mysql
Database schema version      0


Plugins:

exception_notification
file_column
haml
<two that I wrote that don''t hack rails>
-- 
View this message in context:
http://www.nabble.com/Edge%3A-Session-Cookie-Fix-Causing-Issues-for-Legacy-App-tf3397581.html#a9460095
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 3/13/07, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I love the idea of the cookie fix for session storage. But... I''ve
gone round
> and round to get edge working with a legacy app and wonder if anyone has
any
> pointers. Here''s what''s happening. I fresh-installed:
You need to provide :session_key and :secret session options in
environment.rb. It''s generated for you in new apps.
  config.action_controller.session = { :session_key =>
''_myapp_session'', :secret  => ''ssh! be
quiet'' }
Note that it''s moving from application.rb to the environment.

I added an explicit ArgumentError rather than letting it fall through
to an empty cookie name.
  http://dev.rubyonrails.org/changeset/6415

jeremy

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks so much. Cookie-based sessions should be an amazing help.

steve


Jeremy Kemper wrote:
> 
> 
> On 3/13/07, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>> I love the idea of the cookie fix for session storage. But...
I''ve gone
>> round
>> and round to get edge working with a legacy app and wonder if anyone
has
>> any
>> pointers. Here''s what''s happening. I fresh-installed:
> 
> You need to provide :session_key and :secret session options in
> environment.rb. It''s generated for you in new apps.
>   config.action_controller.session = { :session_key =>
> ''_myapp_session'', :secret  => ''ssh! be
quiet'' }
> Note that it''s moving from application.rb to the environment.
> 
> I added an explicit ArgumentError rather than letting it fall through
> to an empty cookie name.
>   http://dev.rubyonrails.org/changeset/6415
> 
> jeremy
> 
> > 
> 
> 
-- 
View this message in context:
http://www.nabble.com/Edge%3A-Session-Cookie-Fix-Causing-Issues-for-Legacy-App-tf3397581.html#a9463144
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Here''s a follow-up question. Are session_id values guaranteed to  
remain the same between calls? I know you aren''t relying on the  
session_id to identify the information anymore.

I only ask because I''ve been looking at Simple Captcha, which uses  
the session_id as part of the hash that identifies the captcha answer  
in pstore. Oddly, the session_id works perfectly with this when using  
AR session store, but not with the new cookie-based session store.

Thoughts?

Thx

On Mar 13, 2007, at 1:45 PM, Jeremy Kemper wrote:
>
> On 3/13/07, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>> I love the idea of the cookie fix for session storage. But...
I''ve
>> gone round
>> and round to get edge working with a legacy app and wonder if  
>> anyone has any
>> pointers. Here''s what''s happening. I fresh-installed:
>
> You need to provide :session_key and :secret session options in
> environment.rb. It''s generated for you in new apps.
>   config.action_controller.session = { :session_key =>
> ''_myapp_session'', :secret  => ''ssh! be
quiet'' }
> Note that it''s moving from application.rb to the environment.
>
> I added an explicit ArgumentError rather than letting it fall through
> to an empty cookie name.
>   http://dev.rubyonrails.org/changeset/6415
>
> jeremy
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 3/15/07, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Here''s a follow-up question. Are session_id values guaranteed to
> remain the same between calls? I know you aren''t relying on the
> session_id to identify the information anymore.
The session cookie now contains data rather than an id.
> I only ask because I''ve been looking at Simple Captcha, which uses
> the session_id as part of the hash that identifies the captcha answer
> in pstore. Oddly, the session_id works perfectly with this when using
> AR session store, but not with the new cookie-based session store.
You can store an id in the session data instead.

Rick Olson''s CSRF-prevention plugin takes this approach.

jeremy

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---