IE's session id changes on every request


#1

Hi,

I am developing a site with rails 2.1.2.
restful_authentication is used.

I can log in with Firefox but not with IE or Safari.
I checked the log and found that session ID changes every time for IE.

Why does this happen?

Thanks.

Sam


#2

Sam K. wrote:

Hi,

I am developing a site with rails 2.1.2.
restful_authentication is used.

I can log in with Firefox but not with IE or Safari.
I checked the log and found that session ID changes every time for IE.

Why does this happen?

Thanks.

Sam

I found out the cause of the problem.

In my development server, the site was mapped to a host name that
includes an underscore(_).
It caused the problem.

I found it at
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_20590538.html.

Thanks.

Sam


#3

I have a very similar question. I have an authentication module where
I print out the session.session_id and it will look like this:

BAh7CDoMY3NyZl9pZCIlZDAzYTUzMjEyNzgxYjY1NGVkNzRjOGUwYWMzMmIz
N2QiDnJldHVybi10byIGLyIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6
Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA==–02b20c5ea458a0a9f5a42e248d83f2438d29f720

Then when I print out the same session.session_id in the next method
called it bloats to this monstrosity:

BAh7CjoSY2hhbGxlbmdlX2tleSIB90JBaDdDRG9NWTNOeVpsOXBaQ0lsWkRB
ellUVXpNakV5TnpneFlqWTFOR1ZrTnpSak9HVXdZV016TW1JegpOMlFpRG5K
bGRIVnliaTEwYnlJR0x5SUtabXhoYzJoSlF6b25RV04wYVc5dVEyOXVkSEp2
Ykd4bGNqbzYKUm14aGMyZzZPa1pzWVhOb1NHRnphSHNBQmpvS1FIVnpaV1I3
QUE9PS0tMDJiMjBjNWVhNDU4YTBhOWY1YTQyZTI0OGQ4M2YyNDM4ZDI5Zjcy
MDgwNjI5NTM4MTg4MjcwN2U2NDQyYzM0NDgwYjExOThkYTVlMzNjNTNfNDA6
CXVzZXJvOglVc2VyCDoQQGF0dHJpYnV0ZXN7FiIJc2FsdCIAIg91cGRhdGVk
X2F0SXU6CVRpbWUNsykbgB1IV7cGOh9AbWFyc2hhbF93aXRoX3V0Y19jb2Vy
Y2lvbkYiEWRlbGV0ZV9hZnRlcjAiE3NlY3VyaXR5X3Rva2VuIjA4MDYyOTUz
ODE4ODI3MDdlNjQ0MmMzNDQ4MGIxMTk4ZGE1ZTMzYzUzXzQwIg11c2VybmFt
ZSINYzczbXIwY2siB2lkIgYxIg5maXJzdG5hbWUwIg1sYXN0bmFtZTAiD3Vz
ZXJfbGV2ZWwiBjEiEXRva2VuX2V4cGlyeTAiDGRlbGV0ZWQiBjAiDXZlcmlm
aWVkIgYwIgpsb2dpbiIAIhRzYWx0ZWRfcGFzc3dvcmQiJTQxYTgxM2MwODNk
ZGY2Y2ZiOTgwNjk4MzM0NGU3YWMwIhFsb2dnZWRfaW5fYXQwIgplbWFpbCIA
Ig9jcmVhdGVkX2F0MDoYQGNoYW5nZWRfYXR0cmlidXRlc3sAOhZAYXR0cmli
dXRlc19jYWNoZXsAIg5yZXR1cm4tdG8iBi86DGNzcmZfaWQiJWQwM2E1MzIx
Mjc4MWI2NTRlZDc0YzhlMGFjMzJiMzdkIgpmbGFzaElDOidBY3Rpb25Db250
cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–b8530fbb05eb97cfa9bc2f825be98190538c45ff

Any ideas what’s causing this?

Sam K. wrote:

Sam K. wrote:

Hi,

I am developing a site with rails 2.1.2.
restful_authentication is used.

I can log in with Firefox but not with IE or Safari.
I checked the log and found that session ID changes every time for IE.

Why does this happen?

Thanks.

Sam

I found out the cause of the problem.

In my development server, the site was mapped to a host name that
includes an underscore(_).
It caused the problem.

I found it at
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_20590538.html.

Thanks.

Sam


#4

Rails 2 uses cookie based sessions by default. You’re looking at
everything you’ve stored in your session.

On Nov 13, 2:48 pm, Clem R. removed_email_address@domain.invalid


#5

How would I isolate just the session_id or is there really such a
session_id that doesn’t change state w/ each action of a user session?

Jeff Emminger wrote:

Rails 2 uses cookie based sessions by default. You’re looking at
everything you’ve stored in your session.

On Nov 13, 2:48�pm, Clem R. removed_email_address@domain.invalid


#6

Clem R. wrote:

How would I isolate just the session_id or is there really such a
session_id that doesn’t change state w/ each action of a user session?

Jeff Emminger wrote:

Rails 2 uses cookie based sessions by default. You’re looking at
everything you’ve stored in your session.

On Nov 13, 2:48�pm, Clem R. removed_email_address@domain.invalid

Are you stroing an entire object in that session or just the id? I
recently switched from rails 1.2.x to 2.0 and found that session data is
handled differently between the two version. In rails 1.2.X. I could
store an entire object but in 2.0 I can store only a limited amount of
data in the session variable and one indication that you are storing an
object is that large hash that you see in your example. I solved this
problem by create several session variables that hold only id’s - an id
for a normal user, one for an administrator, etc.

Hope this helps,

-S


#7

it’s a bad idea to store actual objects in the session - just store an
ID if possible.

On Nov 13, 4:56 pm, Shandy N. removed_email_address@domain.invalid


#8

On Nov 13, 3:22 pm, Clem R. removed_email_address@domain.invalid
wrote:

How would I isolate just the session_id or is there really such a
session_id that doesn’t change state w/ each action of a user session?

not sure… i’ve never had reason to use the session_id. i just use
my properties as before, e.g. “session[:user_id]”