Ruby Sessions - getting created for every request from IE

Hi,

I am seeing this weird bug. I create a session for each new user, and
keep updating the same session. If he logs in, i update his user_id into
the session, so that i can keep track if he is logged in or not,and such
things.

But sometimes in IE, no matter how many times a user enters his
credentials, it wouldn't let him in. When i tried to debug,

I saw this process: It actually updates the session after
authenticating. But when he is redirected to his profile page, a new
session is getting created and user_id is NULL for that. So he is forced
to login page again.

This happens only in IE7 and only sometimes. But when it happens, it
doesnt let the user in.

Has anyone faced similar situation? Please suggest.

Regards,
SG

Sandeep Gudibanda wrote:

Hi,

I am seeing this weird bug. I create a session for each new user, and
keep updating the same session. If he logs in, i update his user_id into
the session, so that i can keep track if he is logged in or not,and such
things.

But sometimes in IE, no matter how many times a user enters his
credentials, it wouldn't let him in. When i tried to debug,

I saw this process: It actually updates the session after
authenticating. But when he is redirected to his profile page, a new
session is getting created and user_id is NULL for that. So he is forced
to login page again.

This happens only in IE7 and only sometimes. But when it happens, it
doesnt let the user in.

Has anyone faced similar situation? Please suggest.

Regards,
SG

I'm seeing the same thing. Except it sometimes happens on IE 6 for me
also. Are you using AuthenticatedSystem?

- jason

Jason Lee wrote:

I'm seeing the same thing. Except it sometimes happens on IE 6 for me
also. Are you using AuthenticatedSystem?

- jason

And what makes it worse for me is that it only happens on SOME machines.
I have various vmware instances setup - Vista w/IE7, XP w/IE7, XP w/IE6
- and I cannot duplicate it on any of them - it always works.

However, my co-worker on random other machines have this problem (these
are machines and friends and relatives houses).

For me, my sessions controller authenticates fine, but then when I
redirect to my dashboard controller, I can see my 'before_filter
:login_required' hook the request and redirect it to the login page.

We're also using SSL for our site, so I don't know if that makes any
difference. I'm thinking about moving off cookie session store and maybe
active record or local file system to see if this makes a difference.

I use act_as_authenticated..But no luck with cracking this bug though.:frowning:

Sandeep Gudibanda wrote:

I use act_as_authenticated..But no luck with cracking this bug though.:frowning:

So I've been monitoring our app and so far, some of the IE machines we
were having problems with are working - *so far*. We're still working on
testing the other ones. Plus, I don't know if it matters, but we're
using SSL with all the auth.

What I did was switch over to active record session store. In doing this
I had to make sure the protect_from_forgery with secret was uncommented
in the application.rb controller.
Also, I had a few forms that I generated by hand (for some optimized js
stuff) and I had to go back to them to make sure that they included the
auth tag

<input name="authenticity_token" type="hidden"
value="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />

After that, things seemed to be ok. This is the first time I've used the
active record store and it is noticeably slower (maybe just to me), but
I can live with it as long as things work. I'm curious how other sites
are not experiencing this same issue..?

Maybe this might help?