Rescue_from TamperedWithCookie error?

I submitted a ticket about this, but I thought perhaps I should ping
this mailing list as well.

When deploying an an app that was upgraded to run on Rails 2.0 and use
cookie sessions, users that are logged into the site receive an error:
CGI::Session::CookieStore::TamperedWithCookie when they first visit the
site. When they refresh once, this error will no longer appear. However,
I can’t figure out how to work around them seeing an Application Error
screen the first time. Is there any way to rescue_from this error, or
otherwise avoid encountering it all together?

http://dev.rubyonrails.org/ticket/10427

On 8 Dec 2007, at 23:48, Trevor T. wrote:

I can’t figure out how to work around them seeing an Application Error
screen the first time. Is there any way to rescue_from this error, or
otherwise avoid encountering it all together?

If you change the name of the cookie used then the app won’t see the
old cookie at all, which should handle things.

Frederick C. wrote:

If you change the name of the cookie used then the app won’t see the
old cookie at all, which should handle things.

I’m still not able to work around this issue. The problem occurs when I
change the “secret” used by cookie sessions in config/environment.rb:

config.action_controller.session = { :session_key => x, :secret => y }

That seems to trigger the TamperedWithCookie, which resolves itself
after one refresh. Changing the session_key and the secret at the same
time still triggers the error. So, I don’t know what to do!

Again, any further help would be much appreciated.

Thanks,

  • Trevor

On Dec 10, 2007, at 2:10 AM, Trevor T. wrote:

That seems to trigger the TamperedWithCookie, which resolves itself
after one refresh. Changing the session_key and the secret at the same
time still triggers the error. So, I don’t know what to do!

It should work, change the value associated to :session_key (which is
the name of the cookie) in environment.rb and restart the server.

– fxn

Xavier N. wrote:

On Dec 10, 2007, at 2:10 AM, Trevor T. wrote:
It should work, change the value associated to :session_key (which is
the name of the cookie) in environment.rb and restart the server.

I’ve added more detail to a Rails Trac ticket, including an example of
the error. I’m doing what you suggested, Xavier, and I’m still getting
this error.

http://dev.rubyonrails.org/ticket/10427

Thanks,

  • Trevor

Hi, Trevor.

I had the same problem when I upgraded to 2.0.1 and I got around it by
deleting the contents of my tmp/sessions directory. Hope that helps!

Katie

On Dec 12, 7:54 pm, Trevor T. [email protected]

Katie Kelly wrote:

I had the same problem when I upgraded to 2.0.1 and I got around it by
deleting the contents of my tmp/sessions directory. Hope that helps!

I was using the database for sessions, so that’s not the problem. Thanks
for the reply, though!

Trevor T. wrote:

Katie Kelly wrote:

I had the same problem when I upgraded to 2.0.1 and I got around it by
deleting the contents of my tmp/sessions directory. Hope that helps!

I was using the database for sessions, so that’s not the problem. Thanks
for the reply, though!

I had the same problem then I got around it by
deleting the contents from sessions table.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs