Problem:
I login with a user account and have access to all member-only pages.
Then I access the file upload view, select a local file and press the
[Upload] button.
I was supposed to be redirected to /home/index where
session[:photo_original_filename] is displayed.
However I was redirected to the Login page instead. This was because my
authenticate user filter had
failed when it shouldn’t.
I figure the session may have changed so I recorded the session_id
before and after [Upload] button
was pressed. They were indeed different.
Next, I remove the enctype=“multipart/form-data” part from the form
declaration. I perform the steps
again and was redirected /home/index, as expected (with my current
session remained in tact).
So, I don’t know what the problem is and do hope someone could provide
some insight.
Well, I tried a few more things and found the culprit:
I removed the above line and the file upload work as expected (well
almost). It seems there is
something quirky with enctype= and _session_id processing.
Bug: params[:photo][:original_filename] should be
params[:photo].original_filename
Hope this will be useful to some for reference.
Cheers,
– Long
----- Original Message -----
From: “Long” [email protected]
To: [email protected]
Sent: Friday, August 31, 2007 12:04 AM
Subject: [Rails] Lost session with file upload
I login with a user account and have access to all member-only pages.
Then I access the file upload view, select a local file and press the [Upload] button.
I was supposed to be redirected to /home/index where session[:photo_original_filename] is
displayed.
However I was redirected to the Login page instead. This was because my authenticate user filter
had
failed when it shouldn’t.
I figure the session may have changed so I recorded the session_id before and after [Upload]
button
was pressed. They were indeed different.
Next, I remove the enctype=“multipart/form-data” part from the form declaration. I perform the
steps
Hi Long,
this is my personal experience, even if you don’t put _session_id in
any of your form, still the _session_id will be sent as part of each
request
which is stored in the browser side cookies, and these values are of
32-character length, and randomly generated by rails for each success-
full
authorization and they will be used for serialization of “session”
attribute of action_controller under the directory “tmp/sessions/”.
This folder contains “ruby-session-#{_session_id}” files which will be
red at each request and de-serialized to populate session hash.
So, since you hard-coded the value of _session_id in your form it
always goto that file which contains this value as part of file name,
which obviously
takes you to a different session than what you usually expect.
Sorry I should have written ‘Generated View’ instead since it was copied
from my Browser using view
source.
I agree with your point, for browsers with default settings (cookies
enabled). However, I don’t
think we can (should) trust browsers to pass cookies in all cases. That
was my reason for including
the session id in a hidden field. It works fine for regular forms on
browsers with and without
cookies support, and not just with Rails.
I believe this is a Rails bug (at least in 1.1.6) and hope someone from
Rails Core can use what I’ve
document here to investigate further.
Regards,
– Long
----- Original Message -----
From: “raghukumar” [email protected]
To: “Ruby on Rails: Talk” [email protected]
Sent: Saturday, September 01, 2007 9:30 AM
Subject: [Rails] Re: Lost session with file upload - resolved
This folder contains “ruby-session-#{_session_id}” files which will be
I’ve search this group for reports of this problem but didn’t find anything useful.
I was supposed to be redirected to /home/index where session[:photo_original_filename] is
displayed.
However I was redirected to the Login page instead. This was because my authenticate user
filter
Sorry I should have written ‘Generated View’ instead since it was copied from my Browser using
view
source.
I agree with your point, for browsers with default settings (cookies enabled). However, I don’t
think we can (should) trust browsers to pass cookies in all cases. That was my reason for
including
the session id in a hidden field. It works fine for regular forms on browsers with and without
cookies support, and not just with Rails.
I believe this is a Rails bug (at least in 1.1.6) and hope someone from Rails Core can use what
I’ve
To: “Ruby on Rails: Talk” [email protected]
authorization and they will be used for serialization of “session”
I removed the above line and the file upload work as expected (well almost). It seems there
is
----- Original Message -----
redirect_to :controller => 'home', :action => 'index'
failed when it shouldn't.
I figure the session may have changed so I recorded the session_id before and after
[Upload]
button
was pressed. They were indeed different.
Next, I remove the enctype=“multipart/form-data” part from the form declaration. I perform
the
steps
again and was redirected /home/index, as expected (with my current session remained in
tact).
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.