Help with session

radhames_brito · March 17, 2011, 8:31pm

oookk, so i have 2 actions , create and destroy, i can get session[:cart_id] from inside the create method but not from inside the delete method.

def create @cart = current_cart Rails.logger.debug "SESSION INFO HERE #{session[:cart_id]}" this here is 18

. . .

def destroy # @cart = current_cart @line_item = LineItem.find(params[:id]) Rails.logger.debug "SESSION INFO HERE #{session[:cart_id]}" this here is nil

. . .

here is how i create the cart

private def current_cart begin Cart.find(session[:cart_id]) rescue ActiveRecord::RecordNotFound Rails.logger.debug "SESSION IS #{session.inspect}" <== is empty when i call it from the destroy method cart = Cart.create session[:cart_id] = cart.id cart end end

anyone knows whats going on?

Tony5 · March 17, 2011, 8:54pm

does it work when you uncomment this line in destroy?

# @cart = current_cart

Tony5 · March 17, 2011, 9:00pm

oh wait.. ignore that. of course it will work but it just creates a new cart. :-\ sorry, long day

radhames_brito · March 17, 2011, 9:00pm

If i do that what happens is that since the session is nil a new cart i created and i lose all the items in the original “current_cart”

and a new cart is rendered with no items.

even if i successfully delete the right line_item, when the cart is update is populated from the new current_cart and everything is lost.

By the way im doing everything via ajax.

radhames_brito · March 17, 2011, 9:03pm

but why does the session changes? or why cant i access it form the destroy method?

Tony5 · March 17, 2011, 9:06pm

any before filters clearing it out?

with AJAX, if your rails app is on a different domain than the page hosting the form the cookies may get blocked resulting in no session information being available.

Colin_Law1 · March 17, 2011, 9:13pm

Do a global search through your app and make sure you are not accessing the session anywhere else. If there are any other references but you believe that you are not accessing them then put ruby-debug breakpoints at each and make sure you do not get there.

Colin

Frederick_Cheung · March 17, 2011, 9:47pm

When the create action gets called is there also another ajax action that gets triggered by the browser at roughly the same time? There can be race conditions when that sort of things happens.

Fred

radhames_brito · March 17, 2011, 11:00pm

no other ajax call is made

radhames_brito · March 17, 2011, 11:01pm

It works well without ajax, there seem to be a problem when calling the action via ajax

radhames_brito · March 17, 2011, 11:22pm

i official , if i try to do and ajax request to the destroy action i cant access the session, can some on please test to see if its a bug?

radhames_brito · March 18, 2011, 12:21am

in debuggin, if i stop to check the session during the destroy action i get this

“DEPRECATION WARNING: Disabling sessions for a single controller has been deprecated. Sessions are now lazy loaded. So if you don’t access them, consider them off. You can still modify the session cookie options with request.session_options. (called from block in at_line at (eval):5)”

as if am using

session :off

but am not, could this be related to devise?

radhames_brito · March 18, 2011, 12:46am

it seems to be realted to my rails.js file i think is not passing the csrf_token on every request

radhames_brito · March 18, 2011, 2:10am

ok , i just confirmed this. here is the problem

my rails.js file i installed with jquery rails, is not properlly passing the csrf token so

“The request will also not include the required CSRF data, and as of Rails 3.0.4 the session is silently reset instead of throwing an ActionController::InvalidAuthenticityToken error. This is why you suspect the authentication issue lies with Devise, but it is actually being triggered within Rails itself.”

that is why i cant see the session from the destroy action, when i remove

protect_from_forgery

from the application_controller everything works ok , it also works if the request is not ajax based with protect_from_forgery enable.

radhames_brito · March 18, 2011, 2:17am

Ok is fixed by downloading the latest rais.js that supports rails 3.0.4

it has this new method in it which makes sure the csrf token is sent on every request

// Make sure that every Ajax request sends the CSRF token

function CSRFProtection(xhr) {

	var token = $('meta[name="csrf-token"]').attr('content');

	if (token) xhr.setRequestHeader('X-CSRF-Token', token);

}

if ('ajaxPrefilter' in $) $.ajaxPrefilter(function(options, originalOptions, xhr){ CSRFProtection(xhr) });

else $(document).ajaxSend(function(e, xhr){ CSRFProtection(xhr) });

Topic		Replies	Views
session question.. rubyonrails-talk	15	93	October 12, 2008
Session rubyonrails-talk	6	103	March 10, 2007
How to get my cart destroy to run a line item destroy method rubyonrails-talk	1	359	May 9, 2011
Headache with sessions being shared. rubyonrails-talk	5	151	November 2, 2009
help: session is deleted, but after the view is rendered rubyonrails-talk	2	155	December 21, 2008

Help with session

Related topics

More Resources