rescue_from TamperedWithCookie error?
Trevor Turk
this mailing list as well.
When deploying an an app that was upgraded to run on Rails 2.0 and use
cookie sessions, users that are logged into the site receive an error:
CGI::Session::CookieStore::TamperedWithCookie when they first visit the
site. When they refresh once, this error will no longer appear. However,
I can't figure out how to work around them seeing an Application Error
screen the first time. Is there any way to rescue_from this error, or
otherwise avoid encountering it all together?
http://dev.rubyonrails.org/ticket/10427
--
Posted via http://www.ruby-forum.com/.
Frederick Cheung
On 8 Dec 2007, at 23:48, Trevor Turk wrote:
>
> I submitted a ticket about this, but I thought perhaps I should ping
> this mailing list as well.
>
> When deploying an an app that was upgraded to run on Rails 2.0 and use
> cookie sessions, users that are logged into the site receive an error:
> CGI::Session::CookieStore::TamperedWithCookie when they first visit
> the
> site. When they refresh once, this error will no longer appear.
> However,
> I can't figure out how to work around them seeing an Application Error
> screen the first time. Is there any way to rescue_from this error, or
> otherwise avoid encountering it all together?
>
If you change the name of the cookie used then the app won't see the
old cookie at all, which should handle things.
Trevor Turk
> If you change the name of the cookie used then the app won't see the
> old cookie at all, which should handle things.
I'm still not able to work around this issue. The problem occurs when I
change the "secret" used by cookie sessions in config/environment.rb:
config.action_controller.session = { :session_key => x, :secret => y }
That seems to trigger the TamperedWithCookie, which resolves itself
after one refresh. Changing the session_key and the secret at the same
time still triggers the error. So, I don't know what to do!
Again, any further help would be much appreciated.
Thanks,
- Trevor
Xavier Noria
> Frederick Cheung wrote:
>> If you change the name of the cookie used then the app won't see the
>> old cookie at all, which should handle things.
>
> I'm still not able to work around this issue. The problem occurs
> when I
> change the "secret" used by cookie sessions in config/environment.rb:
>
> config.action_controller.session = { :session_key => x, :secret => y }
>
> That seems to trigger the TamperedWithCookie, which resolves itself
> after one refresh. Changing the session_key and the secret at the same
> time still triggers the error. So, I don't know what to do!
It should work, change the value associated to :session_key (which is
the name of the cookie) in environment.rb and restart the server.
-- fxn
Trevor Turk
I've added more detail to a Rails Trac ticket, including an example of
the error. I'm doing what you suggested, Xavier, and I'm still getting
this error.
http://dev.rubyonrails.org/ticket/10427
Katie Kelly
I had the same problem when I upgraded to 2.0.1 and I got around it by
deleting the contents of my tmp/sessions directory. Hope that helps!
Katie
On Dec 12, 7:54 pm, Trevor Turk <rails-mailing-l...@andreas-s.net>
wrote:
Trevor Turk
> I had the same problem when I upgraded to 2.0.1 and I got around it by
> deleting the contents of my tmp/sessions directory. Hope that helps!
I was using the database for sessions, so that's not the problem. Thanks
for the reply, though!
Saravanan Krishnan
> Katie Kelly wrote:
>> I had the same problem when I upgraded to 2.0.1 and I got around it by
>> deleting the contents of my tmp/sessions directory. Hope that helps!
>
> I was using the database for sessions, so that's not the problem. Thanks
> for the reply, though!
I had the same problem then I got around it by
deleting the contents from sessions table.