Ruby Sessions - getting created for every request from IE

Hi,

I am seeing this weird bug. I create a session for each new user, and keep updating the same session. If he logs in, i update his user_id into the session, so that i can keep track if he is logged in or not,and such things.

But sometimes in IE, no matter how many times a user enters his credentials, it wouldn't let him in. When i tried to debug,

I saw this process: It actually updates the session after authenticating. But when he is redirected to his profile page, a new session is getting created and user_id is NULL for that. So he is forced to login page again.

This happens only in IE7 and only sometimes. But when it happens, it doesnt let the user in.

Has anyone faced similar situation? Please suggest.

Regards, SG

Sandeep Gudibanda wrote:

Hi,

I am seeing this weird bug. I create a session for each new user, and keep updating the same session. If he logs in, i update his user_id into the session, so that i can keep track if he is logged in or not,and such things.

But sometimes in IE, no matter how many times a user enters his credentials, it wouldn't let him in. When i tried to debug,

I saw this process: It actually updates the session after authenticating. But when he is redirected to his profile page, a new session is getting created and user_id is NULL for that. So he is forced to login page again.

This happens only in IE7 and only sometimes. But when it happens, it doesnt let the user in.

Has anyone faced similar situation? Please suggest.

Regards, SG

I'm seeing the same thing. Except it sometimes happens on IE 6 for me also. Are you using AuthenticatedSystem?

- jason

Jason Lee wrote:

I'm seeing the same thing. Except it sometimes happens on IE 6 for me also. Are you using AuthenticatedSystem?

- jason

And what makes it worse for me is that it only happens on SOME machines. I have various vmware instances setup - Vista w/IE7, XP w/IE7, XP w/IE6 - and I cannot duplicate it on any of them - it always works.

However, my co-worker on random other machines have this problem (these are machines and friends and relatives houses).

For me, my sessions controller authenticates fine, but then when I redirect to my dashboard controller, I can see my 'before_filter :login_required' hook the request and redirect it to the login page.

We're also using SSL for our site, so I don't know if that makes any difference. I'm thinking about moving off cookie session store and maybe active record or local file system to see if this makes a difference.

I use act_as_authenticated..But no luck with cracking this bug though.:frowning:

Sandeep Gudibanda wrote:

I use act_as_authenticated..But no luck with cracking this bug though.:frowning:

So I've been monitoring our app and so far, some of the IE machines we were having problems with are working - *so far*. We're still working on testing the other ones. Plus, I don't know if it matters, but we're using SSL with all the auth.

What I did was switch over to active record session store. In doing this I had to make sure the protect_from_forgery with secret was uncommented in the application.rb controller. Also, I had a few forms that I generated by hand (for some optimized js stuff) and I had to go back to them to make sure that they included the auth tag

<input name="authenticity_token" type="hidden" value="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />

After that, things seemed to be ok. This is the first time I've used the active record store and it is noticeably slower (maybe just to me), but I can live with it as long as things work. I'm curious how other sites are not experiencing this same issue..?

Maybe this might help?