Rails sessions working intermittently in IE7


#1

Hello,
We are developing in Rails 2.1.0 and serving the files with mongrels
behind Apache. We are using SqlSessionStore. Recently I noticed that
when logging into our site using IE7 the session doesn’t persist in
some situations, and persists when it shouldn’t.

For instance when I log in my info is maintained when visiting certain
pages, but disappears on others. The info never fully disappears, it
just is only accessible certain situations. I can’t log out either.
Lastly if I close IE7 and reopen the browser my session is still
active.

So here are some things to take into account - Everything works fine
in development using a similar mongrel/apache/ssl setup. This would
make me think it might be the live server, but we have another ror
site that works fine. I guess this doesn’t eliminate the server.

What is puzzling is the session persists, but for some reason it
doesn’t get recognized on some requests. It seems another session
would be created in those cases, but one is not when I view the
sessions table. Also the fact that I can’t log out is weird.

Most of what I can find has to do with iframes and setting p3p in the
response, but that hasn’t worked and it seems that in those cases the
session isn’t persisting at all, which is different from our issue.


#2

Is this just happening in IE7? Can you replicate the issue in other
browsers like Chrome, Firefox, Safari, etc… ?


#3

I’ve noticed similar behavior on IE5 (I know, it’s old, so am I:-)…

I only running in development mode and testing on Firefox, Safari,
Opera, and IE. The only way I can terminate a session on IE is by
deleting related cookies. The other browsers work fine. I typically
run through mongrel though I’ve tried webrick with the same results.

Here’s my setup:

Ruby version 1.8.7 (powerpc-darwin9)
RubyGems version 1.3.0
Rails version 2.1.1
Active Record version 2.1.1
Action Pack version 2.1.1
Active Resource version 2.1.1
Action Mailer version 2.1.1
Active Support version 2.1.1
Application root /Users/rick/journeys
Environment development
Database adapter mysql
Database schema version 20080925171956


#4

Command0, it only happens in IE7 and IE6 (the only two I’ve tested).
Safari, Firefox (windows and mac) work fine. Also remember everything
works fine in development mode for all browsers.


#5

Rick,
That might work for logging out but it seems I’d still have the
problem of the session flaking out during the visit.


#6

Shandy,
As far as I know, I’m not the only one working on the site, there
is not much going into the session, only text, no objects. Where you
getting an actual error? I don’t get any errors.

I read about taking _ out of the session name, but that didn’t work. I
noticed that our web address without the www. does not go to our site.
I’m not sure if that is causing problems or not.

On Oct 16, 9:40 am, Shandy N. removed_email_address@domain.invalid


#7

Do you have some code? I just upgraded from 1.2.x to 2.1.0. and discover
the exact same thing. You won’t by chance be putting a whole object into
a session? This is what I did and was getting an overflow error, or
something like that, I fixed it by placing only small amounts of data in
the session variable, for example an id.

http://www.ruby-forum.com/topic/167643#new


#8

In IE7 i got 500 errors. Could it be that there might be puts statements
in your controller? I have found that that will reek havok on the app
sitting on our server and will usually give a 500 error. Also, you say
the session persists, are you resetting the session variable somewhere,
like when you logout? Are there any useful hints in the loggs?

-S


#9

Shandy,
I’ve just spent some time looking through the production log. I
noticed the IE7 requests were sometimes erroring out because of
InvalidAuthenticityToken errors. But I know this happens when cookies
are turned off so if the IE7 sessions aren’t working right this error
will probably exist. But just in case I disabled the AuthenticityToken
and the problems are still there.

Looking more into the log I see that not every IE7 request is being
logged, so the request must not actually be taking place. Almost like
IE7 is caching or something to that nature. If I refresh each page it
seems like things work like normal. Any ideas? I’m going to start
looking into caching and stuff like that.

On Oct 16, 2:14 pm, Shandy N. removed_email_address@domain.invalid


#10

I figured it out! It was caching pages. I found a post to add this in
the element:

and everything looks to be working. Thanks for your input.