Session Crossing

19 views
Skip to first unread message

Noel Rappin

unread,
May 1, 2011, 4:39:40 PM5/1/11
to Phusion Passenger Discussions
I'm seeing some very weird "this should never be happening" errors on
my site.

* The setup is Rails 3.0.7, passenger, and nginx, on a Bluebox hosted
slice
* I was running passenger 3.0.4 and updated to 3.0.7, with no change.
* We are using Rails default cookie store for sessions.

We are consistently seeing an issue where the current user session
changes unpredictably. In other words, I can log in as a user, hit a
page and be logged out. Or worse, I can hit a page, and suddenly be
given another user's session, as far as the system is concerned I have
become the other user.

I have seen user data come up from users that have never logged from
my local box, and we've seen the behavior when a local machine
connects to the system for the first time. Clearing local cookies does
not fix the problem, although some browsers seem to trigger the
problem less frequently. We have not been able to reproduce the issue
in a development environment, nor have we been able to reproduce the
issue in a second Bluebox slice that is a clone of the first.

As far as I can tell from the logs, the users session ID actually
changes after they hit a page, and as far as I can tell, this happens
either before the request gets to our application or after the
application is finished with a request.

So:

* Has anybody seen similar behavior?

* What might be causing this? Is it possible this is in our
application stack somehow? Or is it likely to be a passenger problem?
The fact that I can sometimes get information from users that have
never been on the local machine makes me think the issue is either in
Rails or Passenger.

* I saw some hints on Stack Overflow that changing the spawning
behavior of Passenger might help. Or that switching to ActiveRecord
sessions might? I'll try them, but I'd rather have some idea what
might be happening first.

Thanks,

Noel

Johannes Fahrenkrug

unread,
Feb 5, 2013, 8:50:55 AM2/5/13
to phusion-...@googlegroups.com
Hi Noel,

did you ever find a solution?

Thank you!

- Johannes
Reply all
Reply to author
Forward
0 new messages