Problems with new cookie session store and firefox

I run Rails 2.0.2 and use the new cookie based session store.

My users get authenticated against a mysql database. When the
credentials
are ok I set session[:userid].

I use session[:userid] for example to track the user and in all
controller actions … find(:all, :conditions => [bla.user_id =
session[:userid] …

Let’s say a logged in user does not click on the Logout button but
closes
the browser window with CTRL-Q or something like that…

Then I open firefox again and I’am still logged in…looking in
Firefox’s
cookie store I still see the cookie.

In Safari I do not have this problem…

Can someone confirm this?

PS: MacOSX Leopard, Firefox 2.0.0.11


Jochen K.
figgfrosch.de / gissmoh.de / ror-ror.de / railswerk.de

Am 30.12.2007 um 18:13 schrieb Jochen K.:

Can someone confirm this?

PS: MacOSX Leopard, Firefox 2.0.0.11

I just told firefox to start up with a blank page - I always told him to
reopen all pages. No the problems seems to be away. :slight_smile:

On 12/30/07, Jochen K. [email protected] wrote:

Can someone confirm this?

PS: MacOSX Leopard, Firefox 2.0.0.11

Firefox has customizable preferences for what goes away when you close
the browser. Have a look at Preferences → Privacy → Settings →
Authenticated Sessions to see if yours is behaving like you’re
expecting it to.


Greg D.
http://destiney.com/

Am 31.12.2007 um 18:45 schrieb Greg D.:

controller actions … find(:all, :conditions => [bla.user_id =
In Safari I do not have this problem…

I know these settings and I played with them.

When the clicks on “log off” I do a “reset_session”…shouldn’t the
cookie
be deleted in firefox?

As described above the problem does not occur in safari-


Jochen K.
figgfrosch.de / gissmoh.de / ror-ror.de / railswerk.de

Am 31.12.2007 um 22:13 schrieb Greg D.:

On 12/31/07, Jochen K. [email protected] wrote:

I know these settings and I played with them.

When the clicks on “log off” I do a “reset_session”…shouldn’t the
cookie
be deleted in firefox?

Yes, but it won’t really be gone until the next request. Are you
redirecting after the reset_session ?

Yes, I make a redirect_to to the home page and render a partial
with information concerning the successfull log out.

As described above the problem does not occur in safari-

I just tested this one app I have open and I don’t notice any
differences with reset_session between Safari and Firefox. I have to
think something is up with your Firefox.

I will try to figure it out next few days…
Thanx.


Jochen K.
figgfrosch.de / gissmoh.de / ror-ror.de / railswerk.de

On 12/31/07, Jochen K. [email protected] wrote:

I know these settings and I played with them.

When the clicks on “log off” I do a “reset_session”…shouldn’t the
cookie
be deleted in firefox?

Yes, but it won’t really be gone until the next request. Are you
redirecting after the reset_session ?

As described above the problem does not occur in safari-

I just tested this one app I have open and I don’t notice any
differences with reset_session between Safari and Firefox. I have to
think something is up with your Firefox.


Greg D.
http://destiney.com/