We have a rails 2.3 app with a large number of live users, and we have
recently done something to corrupt some users sessions in such a way
that any attempt to use the session object itself raises an exception.
"reset_session" is also raising the same exception, and not clearing the
session.
Is there a lower-level way to clear the session from the app that
doesn't require the session to be valid? We are using the cookie
session_store.
What is really surprsing to me is that even
"cookies['our_cookie_label']=nil" raises the exception.
The exception is this: "ActionController::SessionRestoreError (Session
contains objects whose class definition isn\'t available. Remember to
require the classes for all objects kept in the session.
(Original exception: #{const_error.message} [#{const_error.class}])"
Unfortunately, since we can't read the session at all, I can't figure
out what object is in it that isn't defined.
We have a rails 2.3 app with a large number of live users, and we have
recently done something to corrupt some users sessions in such a way
that any attempt to use the session object itself raises an exception.
"reset_session" is also raising the same exception, and not clearing the
session.
Is there a lower-level way to clear the session from the app that
doesn't require the session to be valid? We are using the cookie
session_store.
What is really surprsing to me is that even
"cookies['our_cookie_label']=nil" raises the exception.
The exception is this: "ActionController::SessionRestoreError (Session
contains objects whose class definition isn\'t available. Remember to
require the classes for all objects kept in the session.
(Original exception: #{const_error.message} [#{const_error.class}])"
Unfortunately, since we can't read the session at all, I can't figure
out what object is in it that isn't defined.
Thanks,
Avram
Have you tried changing the secret, so all existing cookies are invalidated? Look in the initializers for secret_token.rb (may be somewhere else on 2.3, can't recall exactly).