Noel Rappin
unread,May 1, 2011, 4:39:40 PM5/1/11Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Phusion Passenger Discussions
I'm seeing some very weird "this should never be happening" errors on
my site.
* The setup is Rails 3.0.7, passenger, and nginx, on a Bluebox hosted
slice
* I was running passenger 3.0.4 and updated to 3.0.7, with no change.
* We are using Rails default cookie store for sessions.
We are consistently seeing an issue where the current user session
changes unpredictably. In other words, I can log in as a user, hit a
page and be logged out. Or worse, I can hit a page, and suddenly be
given another user's session, as far as the system is concerned I have
become the other user.
I have seen user data come up from users that have never logged from
my local box, and we've seen the behavior when a local machine
connects to the system for the first time. Clearing local cookies does
not fix the problem, although some browsers seem to trigger the
problem less frequently. We have not been able to reproduce the issue
in a development environment, nor have we been able to reproduce the
issue in a second Bluebox slice that is a clone of the first.
As far as I can tell from the logs, the users session ID actually
changes after they hit a page, and as far as I can tell, this happens
either before the request gets to our application or after the
application is finished with a request.
So:
* Has anybody seen similar behavior?
* What might be causing this? Is it possible this is in our
application stack somehow? Or is it likely to be a passenger problem?
The fact that I can sometimes get information from users that have
never been on the local machine makes me think the issue is either in
Rails or Passenger.
* I saw some hints on Stack Overflow that changing the spawning
behavior of Passenger might help. Or that switching to ActiveRecord
sessions might? I'll try them, but I'd rather have some idea what
might be happening first.
Thanks,
Noel