Forum: Ruby on Rails Unwanted sessions after routing error

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
646ce3f178af64df9b0bb9d73e31e3bc?d=identicon&s=25 Craig Hockenberry (Guest)
on 2006-02-01 22:31
I'm building a session-less application and have set "session :off" in
the base controller (ApplicationController in application.rb).

Unfortunately, I still see session files appearing in /tmp/ruby_sess.*
-- and the cause of these files is when a routing error occurs. Whenever
a bad URL comes in, for example
<http://localhost:3000/not/a/chance/in/hell>, the RoutingError exception
is raised then the session file is created.

I see this behavior in both the development (WEBrick) and production
(Apache) environments.

After reading
<http://wiki.rubyonrails.org/rails/pages/HowtoChang..., I
tried this as a workaround in environment.rb:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:disabled
=> true)

That didn't help.

It appears that this problem occurs after the render_* methods, while
ActionController is building the response, so I'm not sure how to
workaround it.

FYI, I found this problem because of a bad image URL that someone had
entered into a database. I don't want to solve this problem by doing URL
validation :-)

Any help or suggestions would be most appreciated.

-ch
646ce3f178af64df9b0bb9d73e31e3bc?d=identicon&s=25 Craig Hockenberry (Guest)
on 2006-02-03 21:27
Found the bug and submitted this ticket:

http://dev.rubyonrails.org/ticket/3708

-ch
This topic is locked and can not be replied to.