Re: [Rails-core] #3527, flash and halted filter chains

Zack Chandler Fri, 14 Jul 2006 12:27:05 -0700

If you comment out the reset_session line the code works fine.
Looks like a bug to me.  I always like to reset the session upon login
to protect against hijacked sessions.


Should I submit a bug report when trac comes back to life?

Zack

On 7/14/06, Zack Chandler <[EMAIL PROTECTED]> wrote:

... speaking of flash sweeping... was a change made to the trunk that
broke sweeping after a redirect?  Here is the error:

Processing AccountController#login (for 127.0.0.1 at 2006-07-14 11:11:02) [POST]
  Session ID: a7a2b536b4d92aa3f633659b17f6e74c
  Parameters: {"commit"=>"Log in", "subdomain"=>"zackchandler",
"action"=>"login", "controller"=>"account", "password"=>"trackit"}
  Account Columns (0.071569)   SHOW FIELDS FROM accounts
  Account Load (0.001490)   SELECT * FROM accounts WHERE
(accounts.`subdomain` = 'zackchandler' ) LIMIT 1
Redirected to http://zackchandler.localhost.com:3000
Completed in 0.08542 (11 reqs/sec) | DB: 0.07306 (85%) | 302 Found
[http://zackchandler.localhost.com/login]
You have a nil object when you didn't expect it!
The error occurred while evaluating nil.sweep
./script/../config/../vendor/rails/actionpack/lib/action_controller/flash.rb:144:in
`process_cleanup_without_filters'
./script/../config/../vendor/rails/actionpack/lib/action_controller/filters.rb:434:in
`process_cleanup_without_session_management_support'
./script/../config/../vendor/rails/actionpack/lib/action_controller/session_management.rb:123:in
`process_cleanup_without_components'
./script/../config/../vendor/rails/actionpack/lib/action_controller/components.rb:177:in
`process_cleanup'
./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:411:in
`process_without_filters'
./script/../config/../vendor/rails/actionpack/lib/action_controller/filters.rb:372:in
`process_without_session_management_support'
./script/../config/../vendor/rails/actionpack/lib/action_controller/session_management.rb:114:in
`process'
./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:318:in
`process'
./script/../config/../vendor/rails/railties/lib/dispatcher.rb:38:in `dispatch'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel/rails.rb:85:in
`process'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:563:in
`process_client'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:562:in
`process_client'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:648:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:648:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:637:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:969:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel.rb:968:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/bin/mongrel_rails:119:in
`run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/lib/mongrel/command.rb:211:in
`run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.2/bin/mongrel_rails:227
./script/../config/../vendor/rails/activesupport/lib/active_support/dependencies.rb:140:in
`load'
./script/../config/../vendor/rails/railties/lib/commands/servers/mongrel.rb:48
/usr/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in `require'
./script/../config/../vendor/rails/activesupport/lib/active_support/dependencies.rb:147:in
`require'
./script/../config/../vendor/rails/railties/lib/commands/server.rb:39
./script/server:3

Here is the controller action

        def login
    if request.post?
                        account = Account.authenticate(params[:subdomain], 
params[:password])
                        if account
                                reset_session
                                session[:account_id] = account.id
                                session[:subdomain] = account.subdomain
        session[:name] = account.name
        domain = request.env['HTTP_HOST'].split('.')[1..-1].join('.')
# strip off subdomain
        redirect_to "http://#{account.subdomain}.#{domain}";
      else
        flash[:error] = 'We were unable to login you in.  Check your
web site name
                         and password and please try again.'
                        end
                end
  end

Any ideas?

Zack

On 7/13/06, Caio Chassot <[EMAIL PROTECTED]> wrote:
> >   def redir
> >     flash[:foo] = 'bar'
> >     redirect_to :action => 'two'
> >     false
> >   end
>
>
> And if you want to see the behavior I expect, call flash.sweep in
> redir before returning false:
>
> def redir
>    flash[:foo] = 'bar'
>    redirect_to :action => 'two'
>    flash.sweep
>    false
> end
>
>
> _______________________________________________
> Rails-core mailing list
> [email protected]
> http://lists.rubyonrails.org/mailman/listinfo/rails-core
>

_______________________________________________
Rails-core mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails-core

Re: [Rails-core] #3527, flash and halted filter chains

Reply via email to