Rails sessions working intermittently in IE7

Hello, We are developing in Rails 2.1.0 and serving the files with mongrels behind Apache. We are using SqlSessionStore. Recently I noticed that when logging into our site using IE7 the session doesn't persist in some situations, and persists when it shouldn't.

For instance when I log in my info is maintained when visiting certain pages, but disappears on others. The info never fully disappears, it just is only accessible certain situations. I can't log out either. Lastly if I close IE7 and reopen the browser my session is still active.

So here are some things to take into account - Everything works fine in development using a similar mongrel/apache/ssl setup. This would make me think it might be the live server, but we have another ror site that works fine. I guess this doesn't eliminate the server.

What is puzzling is the session persists, but for some reason it doesn't get recognized on some requests. It seems another session would be created in those cases, but one is not when I view the sessions table. Also the fact that I can't log out is weird.

Most of what I can find has to do with iframes and setting p3p in the response, but that hasn't worked and it seems that in those cases the session isn't persisting at all, which is different from our issue.

Is this just happening in IE7? Can you replicate the issue in other browsers like Chrome, Firefox, Safari, etc... ?

I've noticed similar behavior on IE5 (I know, it's old, so am I:-)...

I only running in development mode and testing on Firefox, Safari, Opera, and IE. The only way I can terminate a session on IE is by deleting related cookies. The other browsers work fine. I typically run through mongrel though I've tried webrick with the same results.

Here's my setup:

Ruby version 1.8.7 (powerpc-darwin9) RubyGems version 1.3.0 Rails version 2.1.1 Active Record version 2.1.1 Action Pack version 2.1.1 Active Resource version 2.1.1 Action Mailer version 2.1.1 Active Support version 2.1.1 Application root /Users/rick/journeys Environment development Database adapter mysql Database schema version 20080925171956

Command0, it only happens in IE7 and IE6 (the only two I've tested). Safari, Firefox (windows and mac) work fine. Also remember everything works fine in development mode for all browsers.

Rick,     That might work for logging out but it seems I'd still have the problem of the session flaking out during the visit.

Do you have some code? I just upgraded from 1.2.x to 2.1.0. and discover the exact same thing. You won't by chance be putting a whole object into a session? This is what I did and was getting an overflow error, or something like that, I fixed it by placing only small amounts of data in the session variable, for example an id.

Shandy,     As far as I know, I'm not the only one working on the site, there is not much going into the session, only text, no objects. Where you getting an actual error? I don't get any errors.

I read about taking _ out of the session name, but that didn't work. I noticed that our web address without the www. does not go to our site. I'm not sure if that is causing problems or not.

In IE7 i got 500 errors. Could it be that there might be puts statements in your controller? I have found that that will reek havok on the app sitting on our server and will usually give a 500 error. Also, you say the session persists, are you resetting the session variable somewhere, like when you logout? Are there any useful hints in the loggs?

-S

Shandy,      I've just spent some time looking through the production log. I noticed the IE7 requests were sometimes erroring out because of InvalidAuthenticityToken errors. But I know this happens when cookies are turned off so if the IE7 sessions aren't working right this error will probably exist. But just in case I disabled the AuthenticityToken and the problems are still there.

Looking more into the log I see that not every IE7 request is being logged, so the request must not actually be taking place. Almost like IE7 is caching or something to that nature. If I refresh each page it seems like things work like normal. Any ideas? I'm going to start looking into caching and stuff like that.

I figured it out! It was caching pages. I found a post to add this in the <head> element:

<META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1">

and everything looks to be working. Thanks for your input.