Sessions Not Working In Production Mode

I am completely stumped by this problem, and would welcome any
suggestions people could provide.

My application uses active-record-based sessions. In development mode,
the app works fine with sessions, no problems. But in production mode,
the process works for a while (a few hours, maybe more), but at a
certain point the session mechanism stop working.

It looks like the system stops storing new session info. Instead, it
appears to continually (with each step in a controller) create a new
session object, and delete the old one, erasing previous data and so
preventing anyone from really logging in. When this happens, sessions
in development mode (using Webrick, Mongrel, or Lighttpd) are still
working fine.

If I restart the production webserver, the sessions process works
again, for a while. But then the same problem resurfaces.

The production server is Mongrel being proxied by Apache. I've
experienced this same problem running Lighttpd proxied via Apache. The
application uses the reverse_proxy_fix plugin.

Thanks for any help!

Nathan,

We are experiencing a similar, but different problem. Our problem that
the application creates one and only one session and all users share the
same session. Rails seems not to be creating new sessions for separate
requests. This also does not happen in development, only production.
We are hosted at Engine Yard and are using Rfacebook. We are pulling
our hair out trying to understand the problem. Have you received any
information?

Elliott Blatt wrote:

I am having the same issue with rfacebook. I am debugging it currently
and will share any feedback.

It seems highly probable that there is a bug in rfacebook .98

Please let me know if you have learned anything since your last post.

Thanks,

John

I think I have figured this out. Looks like there is a bug in
rfacebook .98:

session_extensions.rb original code:
  def session_id_available?(request) # :nodoc:
    # TODO: we should probably be checking the fb_sig for validity
here (template method needed)
    # ...we can only do this if we can grab the equivalent of a
params hash
    return (lookup_request_parameter(request, "fb_sig_in_canvas") or
lookup_request_parameter(request, "fb_sig_is_ajax"))
  end

The problem is lookup_request_parameter returns "" (not nil) if it
does not find the param, so this is returning true even when
fb_sig_in_canvas and fb_sig_is_ajax are not present.

Here's the fix I jammed in -- don't know if this has unintended
consequences, but it did immediately solve the
session reuse bug:
  def session_id_available?(request) # :nodoc:
    # TODO: we should probably be checking the fb_sig for validity
here (template method needed)
    # ...we can only do this if we can grab the equivalent of a
params hash
    # TODO mwk 2.18.2008 These return "" even if the parameter is not
found -- is this really the right test?
    fb_sic = lookup_request_parameter(request, "fb_sig_in_canvas")
    fb_sia = lookup_request_parameter(request, "fb_sig_is_ajax")

    #return (lookup_request_parameter(request, "fb_sig_in_canvas") or
lookup_request_parameter(request, "fb_sig_is_ajax"))
    return ((fb_sic and (fb_sic.length > 0)) or (fb_sia and
(fb_sia.length > 0))) # TODO mwk
  end

Mike

Hi Mike,

I tried your fix but my application just ran in an infinite loop. I am
running this on Mongrel 1.1.2. The following two messages keep getting
logged. The only paramater that changes in each cycle is the
authorization token.

Processing WelcomeController#index (for 127.0.0.1 at 2008-02-18
21:04:36) [GET]

  Session ID: 877ec39dd76d084fffbd9e135bbd3723

  Parameters: {"action"=>"index", "controller"=>"welcome"}

** RFACEBOOK INFO: Redirecting to login for external app

** RFACEBOOK INFO: iframe redirect to
http://www.facebook.com/login.php?v=1.0&api_key=

Filter chain halted as
[#<ActionController::Filters::ClassMethods::SymbolFilter:0x474c5e4
@filter=:require_facebook_login>] returned_false.

Completed in 0.00010 (10000 reqs/sec) | Rendering: 0.00000 (0%) | 200 OK
[http://localhost/fbfavor/]

** RFACEBOOK INFO: using default Rails sessions (since we didn't find an
fb_sig_session_key in the environment)

** RFACEBOOK INFO: using default Rails sessions (since we didn't find an
fb_sig_session_key in the environment)

Processing WelcomeController#index (for 127.0.0.1 at 2008-02-18
21:04:41) [GET]

  Session ID: 12655f67461b21da0aa26b5573797394

  Parameters: {"action"=>"index",
"auth_token"=>"fbd2c38fdfda676d6f519724e5a03479",
"controller"=>"welcome"}

** RFACEBOOK INFO: attempting to activate a new Facebook session from
auth_token

** RFACEBOOK(GEM) - RFacebook::FacebookSession#remote_call -
auth.getSession({:auth_token=>"fbd2c38fdfda676d6f519724e5a03479"}) -
making remote call

** RFACEBOOK INFO: Regular redirect_to

** RFACEBOOK INFO: Regular redirect_to

Redirected to http://localhost:3000/fbfavor/

** RFACEBOOK(GEM) - RFacebook::FacebookSession#remote_call -
users.getInfo({:uids=>"761540841", :fields=>["first_name",
"last_name"]}) - making remote call

) - making remote call

** RFACEBOOK INFO: persisting Facebook session information into Rails
session

Completed in 5.82800 (0 reqs/sec) | 302 Found
[http://localhost/fbfavor/welcome/index?auth_token=fbd2c38fdfda676d6f519724e5a03479]

]

** RFACEBOOK INFO: using default Rails sessions (since we didn't find an
fb_sig_session_key in the environment)

** RFACEBOOK INFO: using default Rails sessions (since we didn't find an
fb_sig_session_key in the environment)

If anyone sees similar issues, please share.

Thanks,

John

Hello,

FYI: rfacebook has a dedicated Google Group @ groups.google.com/group/
rfacebook that includes all the core developer as its subscribers.

  It's all the "official" rfacebook forum/mailing list if you want get
anything fixed or contribute your patches.

   Cheers.

Thanks John. I tried your solution and it works! Thanks a lot!
-Krates

Hey guys,

I found a solution to this problem. It's fixed in the rfacebo version
of rfacebook (the branch that supports facebook and bebo
simultaneously) but it needs to be moved to trunk as well. If you want
to modify it yourself on your local copy to test here's the diff:

Index: rfacebo/plugin/rfacebook/lib/session_extensions.rb