problems with new cookie session store and firefox

rubyonrails-talk
1

I run Rails 2.0.2 and use the new cookie based session store.

My users get authenticated against a mysql database. When the credentials are ok I set session[:userid].

I use session[:userid] for example to track the user and in all controller actions .... find(:all, :conditions => [bla.user_id = session[:userid] ....

Let's say a logged in user does not click on the Logout button but closes the browser window with CTRL-Q or something like that....

Then I open firefox again and I'am still logged in....looking in Firefox's cookie store I still see the cookie.

In Safari I do not have this problem....

Can someone confirm this?

PS: MacOSX Leopard, Firefox 2.0.0.11

2

I just told firefox to start up with a blank page - I always told him to reopen all pages. No the problems seems to be away. :slight_smile:

3

Firefox has customizable preferences for what goes away when you close the browser. Have a look at Preferences -> Privacy -> Settings -> Authenticated Sessions to see if yours is behaving like you're expecting it to.

4

I know these settings and I played with them.

When the clicks on "log off" I do a "reset_session"....shouldn't the cookie be deleted in firefox?

As described above the problem does not occur in safari-

5

I know these settings and I played with them.

When the clicks on "log off" I do a "reset_session"....shouldn't the cookie be deleted in firefox?

Yes, but it won't really be gone until the next request. Are you redirecting after the reset_session ?

As described above the problem does not occur in safari-

I just tested this one app I have open and I don't notice any differences with reset_session between Safari and Firefox. I have to think something is up with your Firefox.

6

I know these settings and I played with them.

When the clicks on "log off" I do a "reset_session"....shouldn't the cookie be deleted in firefox?

Yes, but it won't really be gone until the next request. Are you redirecting after the reset_session ?

Yes, I make a redirect_to to the home page and render a partial with information concerning the successfull log out.

As described above the problem does not occur in safari-

I just tested this one app I have open and I don't notice any differences with reset_session between Safari and Firefox. I have to think something is up with your Firefox.

I will try to figure it out next few days... Thanx.