Sessions Not Working In Production Mode

nathan.mealey · November 29, 2007, 6:04pm

I am completely stumped by this problem, and would welcome any suggestions people could provide.

My application uses active-record-based sessions. In development mode, the app works fine with sessions, no problems. But in production mode, the process works for a while (a few hours, maybe more), but at a certain point the session mechanism stop working.

It looks like the system stops storing new session info. Instead, it appears to continually (with each step in a controller) create a new session object, and delete the old one, erasing previous data and so preventing anyone from really logging in. When this happens, sessions in development mode (using Webrick, Mongrel, or Lighttpd) are still working fine.

If I restart the production webserver, the sessions process works again, for a while. But then the same problem resurfaces.

The production server is Mongrel being proxied by Apache. I've experienced this same problem running Lighttpd proxied via Apache. The application uses the reverse_proxy_fix plugin.

Thanks for any help!

11175 · February 3, 2008, 10:29pm

Nathan,

We are experiencing a similar, but different problem. Our problem that the application creates one and only one session and all users share the same session. Rails seems not to be creating new sessions for separate requests. This also does not happen in development, only production. We are hosted at Engine Yard and are using Rfacebook. We are pulling our hair out trying to understand the problem. Have you received any information?

11175 · February 11, 2008, 9:17pm

Elliott Blatt wrote:

I am having the same issue with rfacebook. I am debugging it currently and will share any feedback.

It seems highly probable that there is a bug in rfacebook .98

Please let me know if you have learned anything since your last post.

Thanks,

John

mwk88 · February 18, 2008, 4:17pm

I think I have figured this out. Looks like there is a bug in rfacebook .98:

session_extensions.rb original code: def session_id_available?(request) # :nodoc: # TODO: we should probably be checking the fb_sig for validity here (template method needed) # ...we can only do this if we can grab the equivalent of a params hash return (lookup_request_parameter(request, "fb_sig_in_canvas") or lookup_request_parameter(request, "fb_sig_is_ajax")) end

The problem is lookup_request_parameter returns "" (not nil) if it does not find the param, so this is returning true even when fb_sig_in_canvas and fb_sig_is_ajax are not present.

Here's the fix I jammed in -- don't know if this has unintended consequences, but it did immediately solve the session reuse bug: def session_id_available?(request) # :nodoc: # TODO: we should probably be checking the fb_sig for validity here (template method needed) # ...we can only do this if we can grab the equivalent of a params hash # TODO mwk 2.18.2008 These return "" even if the parameter is not found -- is this really the right test? fb_sic = lookup_request_parameter(request, "fb_sig_in_canvas") fb_sia = lookup_request_parameter(request, "fb_sig_is_ajax")

#return (lookup_request_parameter(request, "fb_sig_in_canvas") or lookup_request_parameter(request, "fb_sig_is_ajax")) return ((fb_sic and (fb_sic.length > 0)) or (fb_sia and (fb_sia.length > 0))) # TODO mwk end

Mike

11175 · February 19, 2008, 7:09am

Hi Mike,

I tried your fix but my application just ran in an infinite loop. I am running this on Mongrel 1.1.2. The following two messages keep getting logged. The only paramater that changes in each cycle is the authorization token.

Processing WelcomeController#index (for 127.0.0.1 at 2008-02-18 21:04:36) [GET]

Session ID: 877ec39dd76d084fffbd9e135bbd3723

Parameters: {"action"=>"index", "controller"=>"welcome"}

** RFACEBOOK INFO: Redirecting to login for external app

** RFACEBOOK INFO: iframe redirect to

Filter chain halted as [#<ActionController::Filters::ClassMethods::SymbolFilter:0x474c5e4 @filter=:require_facebook_login>] returned_false.

Completed in 0.00010 (10000 reqs/sec) | Rendering: 0.00000 (0%) | 200 OK [http://localhost/fbfavor/\]

** RFACEBOOK INFO: using default Rails sessions (since we didn't find an fb_sig_session_key in the environment)

Processing WelcomeController#index (for 127.0.0.1 at 2008-02-18 21:04:41) [GET]

Session ID: 12655f67461b21da0aa26b5573797394

Parameters: {"action"=>"index", "auth_token"=>"fbd2c38fdfda676d6f519724e5a03479", "controller"=>"welcome"}

** RFACEBOOK INFO: attempting to activate a new Facebook session from auth_token

** RFACEBOOK(GEM) - RFacebook::FacebookSession#remote_call - auth.getSession({:auth_token=>"fbd2c38fdfda676d6f519724e5a03479"}) - making remote call

** RFACEBOOK INFO: Regular redirect_to

Redirected to http://localhost:3000/fbfavor/

** RFACEBOOK(GEM) - RFacebook::FacebookSession#remote_call - users.getInfo({:uids=>"761540841", :fields=>["first_name", "last_name"]}) - making remote call

) - making remote call

** RFACEBOOK INFO: persisting Facebook session information into Rails session

Completed in 5.82800 (0 reqs/sec) | 302 Found [http://localhost/fbfavor/welcome/index?auth_token=fbd2c38fdfda676d6f519724e5a03479]

]

** RFACEBOOK INFO: using default Rails sessions (since we didn't find an fb_sig_session_key in the environment)

If anyone sees similar issues, please share.

Thanks,

John

Gerald_Bauer3 · February 20, 2008, 7:47pm

Hello,

FYI: rfacebook has a dedicated Google Group @ groups.google.com/group/ rfacebook that includes all the core developer as its subscribers.

It's all the "official" rfacebook forum/mailing list if you want get anything fixed or contribute your patches.

Cheers.

11175 · March 4, 2008, 3:36am

Thanks John. I tried your solution and it works! Thanks a lot! -Krates

Michael_Kovacs · March 5, 2008, 7:53am

Hey guys,

I found a solution to this problem. It's fixed in the rfacebo version of rfacebook (the branch that supports facebook and bebo simultaneously) but it needs to be moved to trunk as well. If you want to modify it yourself on your local copy to test here's the diff:

Index: rfacebo/plugin/rfacebook/lib/session_extensions.rb