I''m using an exception notification plugin which sends me an email whenever an exception is raised on the rails server. Regularly I''m getting exception reports due to raising a PermissionDenied exception when a user has no access or because rails complains about an invalid authenticity token. I can never reproduce these. And in 99% of the cases it works fine for our users, but there''s a 1% for whom it apparently fails. These exceptions are always due to an action triggered by an ajax request. The content of the exception report is always something like below. The thing I find odd is that the HTTP_COOKIE indicates the user is logged in, but the session section reports a session_id of nil. I.e., the code will see the user as logged out, and raise an access denied exception. In my log I can see that subsequent (non-Ajax) requests from the same user do work fine. I also notice that all exception reports are always from MSIE6.0 and MSIE7.0 clients. I''m using jQuery. I was wondering if anyone else has seen issues like this. Is there a known cause and/or workaround / solution? Cheers, Jimmy ------------------------------- Request: ------------------------------- * URL : http://example.com/ajaxaction * IP address: 165.86.81.25 * Parameters: {"format"=>"json", "action"=>"ajaxaction", "_method"=>"put", "authenticity_token"=>"/y/ G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts", "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"} * Rails root: /var/www/production.example.com/releases/ 20090812034504 ------------------------------- Session: ------------------------------- * session id: nil * data: nil ------------------------------- Environment: ------------------------------- * CONTENT_LENGTH : 83 * CONTENT_TYPE : application/x-www- form-urlencoded * DOCUMENT_ROOT : /var/www/ production.example.com/current/public * HTTP_ACCEPT : application/json, text/javascript, */*, text/javascript * HTTP_ACCEPT_LANGUAGE : en-au * HTTP_CONNECTION : Keep-Alive * HTTP_CONTENT_TYPE : application/x-www- form-urlencoded * HTTP_COOKIE : __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2; __utmb=133279534.11.30.1230110149; __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd(none); _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534; __qca=1242135797-11579318-30372251; __qcb=496730851; __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Edg; auth_token=; __unam=7659673-12310665fd4-664da270-1 * HTTP_HOST : example.com * HTTP_PRAGMA : no-cache * HTTP_REFERER : http://example.com/ * HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) * HTTP_VIA : 1.0 GWD-BK7-PXY01, 1.1 GWD-BK7-PXY03 * HTTP_X_NOVINET : v1.2 * HTTP_X_REQUESTED_WITH : XMLHttpRequest * PATH_INFO : /ajaxaction * QUERY_STRING : * REMOTE_ADDR : 165.86.81.25 * REMOTE_PORT : 41604 * REQUEST_METHOD : PUT * REQUEST_URI : /ajaxaction * SCRIPT_NAME : * SERVER_ADDR : 100.22.88.200 * SERVER_ADMIN : webmaster-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org * SERVER_NAME : example.com * SERVER_PORT : 80 * SERVER_PROTOCOL : HTTP/1.1 * SERVER_SOFTWARE : Apache/2.2.8 (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3 * _ : _ * action_controller.request.path_parameters : formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce10d * action_controller.request.query_parameters : * action_controller.request.request_parameters: authenticity_token/y/ G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput * action_controller.rescue.request : #<ActionController::Request:0x7f1e3e134f80> * action_controller.rescue.response : #<ActionController::Response:0x7f1e3e130778> * rack.errors : #<IO:0x7f1e47c9cea0> * rack.input : #<Rack::RewindableInput:0x7f1e3e13ee40> * rack.methodoverride.original_method : POST * rack.multiprocess : true * rack.multithread : false * rack.request.cookie_hash : __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utmb136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.utmcsr(direct)|utmccn=(direct)|utmcmd=(none) _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvVNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_token__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172:S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1 * rack.request.cookie_string : __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2; __utmb=136279534.11.10.1250110149; __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd(none); _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634; __qca=12421797-11318-372251; __qcb; __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg; auth_token=; __unam=7639673-12310665fd4-665da270-1 * rack.request.form_hash : authenticity_token/y/ G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput * rack.request.form_input : #<Rack::RewindableInput:0x7f1e3e13ee40> * rack.request.form_vars : _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs %3D * rack.request.query_hash : * rack.request.query_string : * rack.run_once : false * rack.session : session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/ G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21 * rack.session.options : path/ expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_session_id * rack.url_scheme : http * rack.version : 10 * Process: 20353 * Server : exampleproduction
On Aug 13, 2:30 am, Jimmy <jimmy.s...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I''m using an exception notification plugin which sends me an email > whenever an exception is raised on the rails server. Regularly I''m > getting exception reports due to raising a PermissionDenied exception > when a user has no access or because rails complains about an invalid > authenticity token. > > I can never reproduce these. And in 99% of the cases it works fine for > our users, but there''s a 1% for whom it apparently fails. > > These exceptions are always due to an action triggered by an ajax > request. >do you have a concurrent request problem ? when you get two overlapping requests from a single user then changes by one of them to the session will ''beat'' changes by the other one. Fred> The content of the exception report is always something like below. > > The thing I find odd is that the HTTP_COOKIE indicates the user is > logged in, but the session section reports a session_id of nil. I.e., > the code will see the user as logged out, and raise an access denied > exception. > > In my log I can see that subsequent (non-Ajax) requests from the same > user do work fine. > > I also notice that all exception reports are always from MSIE6.0 and > MSIE7.0 clients. > > I''m using jQuery. > > I was wondering if anyone else has seen issues like this. Is there a > known cause and/or workaround / solution? > > Cheers, > Jimmy > > ------------------------------- > Request: > ------------------------------- > > * URL :http://example.com/ajaxaction > * IP address: 165.86.81.25 > * Parameters: {"format"=>"json", "action"=>"ajaxaction", > "_method"=>"put", "authenticity_token"=>"/y/ > G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts", > "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"} > * Rails root: /var/www/production.example.com/releases/ > 20090812034504 > > ------------------------------- > Session: > ------------------------------- > > * session id: nil > * data: nil > > ------------------------------- > Environment: > ------------------------------- > > * CONTENT_LENGTH : 83 > * CONTENT_TYPE : application/x-www- > form-urlencoded > * DOCUMENT_ROOT : /var/www/ > production.example.com/current/public > * HTTP_ACCEPT : application/json, > text/javascript, */*, text/javascript > * HTTP_ACCEPT_LANGUAGE : en-au > * HTTP_CONNECTION : Keep-Alive > * HTTP_CONTENT_TYPE : application/x-www- > form-urlencoded > * HTTP_COOKIE : > __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2; > __utmb=133279534.11.30.1230110149; > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd> (none); > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NT RhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZN kVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNv bnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA > %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534; > __qca=1242135797-11579318-30372251; __qcb=496730851; > __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Ed g; > auth_token=; __unam=7659673-12310665fd4-664da270-1 > * HTTP_HOST : example.com > * HTTP_PRAGMA : no-cache > * HTTP_REFERER :http://example.com/ > * HTTP_USER_AGENT : Mozilla/4.0 > (compatible; MSIE 6.0; Windows NT 5.1; SV1) > * HTTP_VIA : 1.0 GWD-BK7-PXY01, > 1.1 GWD-BK7-PXY03 > * HTTP_X_NOVINET : v1.2 > * HTTP_X_REQUESTED_WITH : XMLHttpRequest > * PATH_INFO : /ajaxaction > * QUERY_STRING : > * REMOTE_ADDR : 165.86.81.25 > * REMOTE_PORT : 41604 > * REQUEST_METHOD : PUT > * REQUEST_URI : /ajaxaction > * SCRIPT_NAME : > * SERVER_ADDR : 100.22.88.200 > * SERVER_ADMIN : > webmas...-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org > * SERVER_NAME : example.com > * SERVER_PORT : 80 > * SERVER_PROTOCOL : HTTP/1.1 > * SERVER_SOFTWARE : Apache/2.2.8 > (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3 > * _ : _ > * action_controller.request.path_parameters : > formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce 10d > * action_controller.request.query_parameters : > * action_controller.request.request_parameters: authenticity_token/y/ > G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput > * action_controller.rescue.request : > #<ActionController::Request:0x7f1e3e134f80> > * action_controller.rescue.response : > #<ActionController::Response:0x7f1e3e130778> > * rack.errors : #<IO:0x7f1e47c9cea0> > * rack.input : > #<Rack::RewindableInput:0x7f1e3e13ee40> > * rack.methodoverride.original_method : POST > * rack.multiprocess : true > * rack.multithread : false > * rack.request.cookie_hash : > __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utm b136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.ut mcsr> (direct)|utmccn=(direct)|utmcmd=(none) > _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlN zA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMv VNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo OjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_t oken__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172 :S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1 > * rack.request.cookie_string : > __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2; > __utmb=136279534.11.10.1250110149; > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd> (none); > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNz A6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvV lFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xs ZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA > %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634; > __qca=12421797-11318-372251; __qcb; > __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg; > auth_token=; __unam=7639673-12310665fd4-665da270-1 > * rack.request.form_hash : authenticity_token/y/ > G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput > * rack.request.form_input : > #<Rack::RewindableInput:0x7f1e3e13ee40> > * rack.request.form_vars : > _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs > %3D > * rack.request.query_hash : > * rack.request.query_string : > * rack.run_once : false > * rack.session : > session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/ > G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21 > * rack.session.options : path/ > expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_s ession_id > * rack.url_scheme : http > * rack.version : 10 > > * Process: 20353 > * Server : exampleproduction
I''ve seen these in production - but I''ve never been able to run down the source. It''s always IE that''s causing them, though. I think there may be some PC antivirus or "accelerator" that''s trying to prefetch stuff but doing it wrong... --Matt Jones On Aug 12, 9:30 pm, Jimmy <jimmy.s...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I''m using an exception notification plugin which sends me an email > whenever an exception is raised on the rails server. Regularly I''m > getting exception reports due to raising a PermissionDenied exception > when a user has no access or because rails complains about an invalid > authenticity token. > > I can never reproduce these. And in 99% of the cases it works fine for > our users, but there''s a 1% for whom it apparently fails. > > These exceptions are always due to an action triggered by an ajax > request. > > The content of the exception report is always something like below. > > The thing I find odd is that the HTTP_COOKIE indicates the user is > logged in, but the session section reports a session_id of nil. I.e., > the code will see the user as logged out, and raise an access denied > exception. > > In my log I can see that subsequent (non-Ajax) requests from the same > user do work fine. > > I also notice that all exception reports are always from MSIE6.0 and > MSIE7.0 clients. > > I''m using jQuery. > > I was wondering if anyone else has seen issues like this. Is there a > known cause and/or workaround / solution? > > Cheers, > Jimmy > > ------------------------------- > Request: > ------------------------------- > > * URL :http://example.com/ajaxaction > * IP address: 165.86.81.25 > * Parameters: {"format"=>"json", "action"=>"ajaxaction", > "_method"=>"put", "authenticity_token"=>"/y/ > G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts", > "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"} > * Rails root: /var/www/production.example.com/releases/ > 20090812034504 > > ------------------------------- > Session: > ------------------------------- > > * session id: nil > * data: nil > > ------------------------------- > Environment: > ------------------------------- > > * CONTENT_LENGTH : 83 > * CONTENT_TYPE : application/x-www- > form-urlencoded > * DOCUMENT_ROOT : /var/www/ > production.example.com/current/public > * HTTP_ACCEPT : application/json, > text/javascript, */*, text/javascript > * HTTP_ACCEPT_LANGUAGE : en-au > * HTTP_CONNECTION : Keep-Alive > * HTTP_CONTENT_TYPE : application/x-www- > form-urlencoded > * HTTP_COOKIE : > __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2; > __utmb=133279534.11.30.1230110149; > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd> (none); > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NT RhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZN kVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNv bnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA > %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534; > __qca=1242135797-11579318-30372251; __qcb=496730851; > __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Ed g; > auth_token=; __unam=7659673-12310665fd4-664da270-1 > * HTTP_HOST : example.com > * HTTP_PRAGMA : no-cache > * HTTP_REFERER :http://example.com/ > * HTTP_USER_AGENT : Mozilla/4.0 > (compatible; MSIE 6.0; Windows NT 5.1; SV1) > * HTTP_VIA : 1.0 GWD-BK7-PXY01, > 1.1 GWD-BK7-PXY03 > * HTTP_X_NOVINET : v1.2 > * HTTP_X_REQUESTED_WITH : XMLHttpRequest > * PATH_INFO : /ajaxaction > * QUERY_STRING : > * REMOTE_ADDR : 165.86.81.25 > * REMOTE_PORT : 41604 > * REQUEST_METHOD : PUT > * REQUEST_URI : /ajaxaction > * SCRIPT_NAME : > * SERVER_ADDR : 100.22.88.200 > * SERVER_ADMIN : > webmas...-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org > * SERVER_NAME : example.com > * SERVER_PORT : 80 > * SERVER_PROTOCOL : HTTP/1.1 > * SERVER_SOFTWARE : Apache/2.2.8 > (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3 > * _ : _ > * action_controller.request.path_parameters : > formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce 10d > * action_controller.request.query_parameters : > * action_controller.request.request_parameters: authenticity_token/y/ > G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput > * action_controller.rescue.request : > #<ActionController::Request:0x7f1e3e134f80> > * action_controller.rescue.response : > #<ActionController::Response:0x7f1e3e130778> > * rack.errors : #<IO:0x7f1e47c9cea0> > * rack.input : > #<Rack::RewindableInput:0x7f1e3e13ee40> > * rack.methodoverride.original_method : POST > * rack.multiprocess : true > * rack.multithread : false > * rack.request.cookie_hash : > __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utm b136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.ut mcsr> (direct)|utmccn=(direct)|utmcmd=(none) > _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlN zA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMv VNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo OjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_t oken__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172 :S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1 > * rack.request.cookie_string : > __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2; > __utmb=136279534.11.10.1250110149; > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd> (none); > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNz A6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvV lFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xs ZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA > %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634; > __qca=12421797-11318-372251; __qcb; > __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg; > auth_token=; __unam=7639673-12310665fd4-665da270-1 > * rack.request.form_hash : authenticity_token/y/ > G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput > * rack.request.form_input : > #<Rack::RewindableInput:0x7f1e3e13ee40> > * rack.request.form_vars : > _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs > %3D > * rack.request.query_hash : > * rack.request.query_string : > * rack.run_once : false > * rack.session : > session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/ > G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21 > * rack.session.options : path/ > expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_s ession_id > * rack.url_scheme : http > * rack.version : 10 > > * Process: 20353 > * Server : exampleproduction
This action is triggered by pressing a button which executes a piece of javascript.. the setup is done in a jquery document ready block of code. It would highly surprise me if a prefetcher would trigger that button. As the action is triggered by a user action, I also don''t think this should give a concurrent request problem. (the app runs in passenger too, I was under the impression that within passenger you shouldn''t run into any concurrency issues anyways?) The source is indeed always an MSIE browser, which would suggest a browser issue. However, seeing that the browser does send a correct cookie with the session id in there, I wonder if for some reason the rails server can''t match the session... Jimmy On Aug 13, 9:36 pm, Matt Jones <al2o...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I''ve seen these in production - but I''ve never been able to run down > the source. It''s always IE that''s causing them, though. I think there > may be some PC antivirus or "accelerator" that''s trying to prefetch > stuff but doing it wrong... > > --Matt Jones > > On Aug 12, 9:30 pm, Jimmy <jimmy.s...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > I''m using an exception notification plugin which sends me an email > > whenever an exception is raised on the rails server. Regularly I''m > > getting exception reports due to raising a PermissionDenied exception > > when a user has no access or because rails complains about an invalid > > authenticity token. > > > I can never reproduce these. And in 99% of the cases it works fine for > > our users, but there''s a 1% for whom it apparently fails. > > > These exceptions are always due to an action triggered by an ajax > > request. > > > The content of the exception report is always something like below. > > > The thing I find odd is that the HTTP_COOKIE indicates the user is > > logged in, but the session section reports a session_id of nil. I.e., > > the code will see the user as logged out, and raise an access denied > > exception. > > > In my log I can see that subsequent (non-Ajax) requests from the same > > user do work fine. > > > I also notice that all exception reports are always from MSIE6.0 and > > MSIE7.0 clients. > > > I''m using jQuery. > > > I was wondering if anyone else has seen issues like this. Is there a > > known cause and/or workaround / solution? > > > Cheers, > > Jimmy > > > ------------------------------- > > Request: > > ------------------------------- > > > * URL :http://example.com/ajaxaction > > * IP address: 165.86.81.25 > > * Parameters: {"format"=>"json", "action"=>"ajaxaction", > > "_method"=>"put", "authenticity_token"=>"/y/ > > G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts", > > "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"} > > * Rails root: /var/www/production.example.com/releases/ > > 20090812034504 > > > ------------------------------- > > Session: > > ------------------------------- > > > * session id: nil > > * data: nil > > > ------------------------------- > > Environment: > > ------------------------------- > > > * CONTENT_LENGTH : 83 > > * CONTENT_TYPE : application/x-www- > > form-urlencoded > > * DOCUMENT_ROOT : /var/www/ > > production.example.com/current/public > > * HTTP_ACCEPT : application/json, > > text/javascript, */*, text/javascript > > * HTTP_ACCEPT_LANGUAGE : en-au > > * HTTP_CONNECTION : Keep-Alive > > * HTTP_CONTENT_TYPE : application/x-www- > > form-urlencoded > > * HTTP_COOKIE : > > __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2; > > __utmb=133279534.11.30.1230110149; > > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd> > (none); > > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NT RhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZN kVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNv bnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA > > %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534; > > __qca=1242135797-11579318-30372251; __qcb=496730851; > > __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Ed g; > > auth_token=; __unam=7659673-12310665fd4-664da270-1 > > * HTTP_HOST : example.com > > * HTTP_PRAGMA : no-cache > > * HTTP_REFERER :http://example.com/ > > * HTTP_USER_AGENT : Mozilla/4.0 > > (compatible; MSIE 6.0; Windows NT 5.1; SV1) > > * HTTP_VIA : 1.0 GWD-BK7-PXY01, > > 1.1 GWD-BK7-PXY03 > > * HTTP_X_NOVINET : v1.2 > > * HTTP_X_REQUESTED_WITH : XMLHttpRequest > > * PATH_INFO : /ajaxaction > > * QUERY_STRING : > > * REMOTE_ADDR : 165.86.81.25 > > * REMOTE_PORT : 41604 > > * REQUEST_METHOD : PUT > > * REQUEST_URI : /ajaxaction > > * SCRIPT_NAME : > > * SERVER_ADDR : 100.22.88.200 > > * SERVER_ADMIN : > > webmas...-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org > > * SERVER_NAME : example.com > > * SERVER_PORT : 80 > > * SERVER_PROTOCOL : HTTP/1.1 > > * SERVER_SOFTWARE : Apache/2.2.8 > > (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3 > > * _ : _ > > * action_controller.request.path_parameters : > > formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce 10d > > * action_controller.request.query_parameters : > > * action_controller.request.request_parameters: authenticity_token/y/ > > G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput > > * action_controller.rescue.request : > > #<ActionController::Request:0x7f1e3e134f80> > > * action_controller.rescue.response : > > #<ActionController::Response:0x7f1e3e130778> > > * rack.errors : #<IO:0x7f1e47c9cea0> > > * rack.input : > > #<Rack::RewindableInput:0x7f1e3e13ee40> > > * rack.methodoverride.original_method : POST > > * rack.multiprocess : true > > * rack.multithread : false > > * rack.request.cookie_hash : > > __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utm b136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.ut mcsr> > (direct)|utmccn=(direct)|utmcmd=(none) > > _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlN zA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMv VNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo OjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_t oken__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172 :S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1 > > * rack.request.cookie_string : > > __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2; > > __utmb=136279534.11.10.1250110149; > > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd> > (none); > > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNz A6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvV lFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xs ZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA > > %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634; > > __qca=12421797-11318-372251; __qcb; > > __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg; > > auth_token=; __unam=7639673-12310665fd4-665da270-1 > > * rack.request.form_hash : authenticity_token/y/ > > G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput > > * rack.request.form_input : > > #<Rack::RewindableInput:0x7f1e3e13ee40> > > * rack.request.form_vars : > > _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs > > %3D > > * rack.request.query_hash : > > * rack.request.query_string : > > * rack.run_once : false > > * rack.session : > > session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/ > > G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21 > > * rack.session.options : path/ > > expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_s ession_id > > * rack.url_scheme : http > > * rack.version : 10 > > > * Process: 20353 > > * Server : exampleproduction