Global user variable not being reset between requests.

6 views
Skip to first unread message

Tim W

unread,
Nov 17, 2008, 9:29:42 AM11/17/08
to Phusion Passenger Discussions
Not sure exactly how to frame this question in perfect programming
speak, so please bear with me..

Moving my app to Passenger has been great, the speed vs
mod_proxy_balancer and mongrels is very noticeable, but I keep getting
reports that users sometimes load up a page and it looks like they
were logged in as someone else.

I have been unable to duplicate this at all, thus is hard to
troubleshoot. I have been focusing on the line:
User.current_user = @current_user
Which i have in there to be able to track model changes and my access
control.

On every request i reset that Variable..
User.current_user = nil unless User.current_user.nil?

I have set up some logging to check that all requests match the
current user with what their cookie has them logged in as and
everything turns out fine. Pages for non logged in users are cached
and I et up a cron grepping them for logged in pages and non show up.

I'm stuck. Any ideas what could be holding the user data from request
to request? What might be different between the mongrel setup and he
Passenger setup where this starts to happen?

Thanks for any insight.

-timw

Lee Hambley

unread,
Nov 17, 2008, 5:49:53 PM11/17/08
to phusion-...@googlegroups.com
timw,

 This is almost certianly caching in your application - if you're using page caching, rather than fragment caching -- are you?

- L

2008/11/17 Tim W <tiwa...@gmail.com>

Tim W

unread,
Nov 18, 2008, 1:16:14 PM11/18/08
to Phusion Passenger Discussions
I am using a mixture of both. Although on the pages I am getting the
reports of wrong user data, there is no caching at all going on.

-timw

On Nov 17, 5:49 pm, "Lee Hambley" <lee.hamb...@gmail.com> wrote:
> timw,
>
>  This is almost certianly caching in your application - if you're using page
> caching, rather than fragment caching -- are you?
>
> - L
>
> 2008/11/17 Tim W <tiwat...@gmail.com>

Tim W

unread,
Nov 18, 2008, 2:56:46 PM11/18/08
to Phusion Passenger Discussions
I focused on this a bit more this morning and am still completely
stumped. The page I have focused on has no caching on it at all and
has a simple form to ask for name and location. The model itself does
not store the name and location, but via attr_accessor I store them in
the users model. I use a initialize method to pre-fill out the form
for logged in users. People have complained that others information
shows up prefilled in the form.

Can anyone think of any debugging methods that could apply here? Or
how to debug this without being able to duplicate it?

-timw

Tim W

unread,
Nov 18, 2008, 4:59:12 PM11/18/08
to Phusion Passenger Discussions
Sorry for taking up the Passenger list for this, but after getting a
hold of someone who could duplicate it, I tracked it down to:

self.verification_hash = Digest::SHA1.hexdigest("--" + rand(10).to_s +
"--" + self.id.to_s + Time.now.to_s + "--")

Is somehow creating the same digests for multiple users.

-timw
Reply all
Reply to author
Forward
0 new messages