Continuing my efforts to upgrade our legacy merb app up to 1.1, and spent the
better part of today struggling with merb-auth. Seemed that if the user had
been set in the session cookie from a previous session -- or by using the old
pre merb 1.1 branch -- I had no problem authenticating and all was well. But if
I tried to log in using the merb 1.1 branch, I wasn't getting any love. A ton
of debugging later, I confirmed all the internal mechanics of merb-auth were
working, but the cookie was not being properly set on the browser, thus when
the 302 redirect triggered an auth check, the user value was not found and an
Unauthorized exception was thrown.

I tracked this down to merb-core/dispatch/cookies.rb -- line 90:

    cookies.empty? ? {} : { 'Set-Cookie' => cookies.join(Merb::Const::NEWLINE) }

Which is slightly modified from merb 1.0.11 (the last version we used):

    cookies.empty? ? {} : { 'Set-Cookie' => cookies }

Using the old line worked! I was able to grab the response output, and it's
about as you'd expect.
----------------------
Default merb 1.1 response output --
[302, {"Location"=>"/admin", "Content-Type"=>"text/html; charset=utf-8",
"Set-Cookie"=>"remember_me=true; expires=Fri, 25-Mar-2011 00:19:39 GMT;
path=/;\n_amps_session_id=BAh7CCIOcmV0dXJuX3RvMCIeYXV0aGVudGljYXRpb25fc3RyYXRlZ2llczAi%250ACXVzZXJpBg%253D%253D--7793a78b4affbd75e5b268e17c62a4a39b19dba8;
path=/;\nauth_token=c38ac66921dd36875576d97c1f9345df81e8cc12; expires=Sat,
27-Mar-2010 00:19:39 GMT; path=/;"}, #<Merb::Rack::StreamWrapper:0xf697b14c
@body="Add an after filter to do stuff after login">]
Modified merb 1.1 response output --
[302, {"Location"=>"/admin", "Content-Type"=>"text/html; charset=utf-8",
"Set-Cookie"=>["remember_me=true; expires=Fri, 25-Mar-2011 00:18:37 GMT;
path=/;",
"_amps_session_id=BAh7CCIOcmV0dXJuX3RvMCIeYXV0aGVudGljYXRpb25fc3RyYXRlZ2llczAi%250ACXVzZXJpBg%253D%253D--7793a78b4affbd75e5b268e17c62a4a39b19dba8;
path=/;", "auth_token=90eb3d6c3898ab234dc26a357788a7a811f8e405; expires=Sat,
27-Mar-2010 00:18:37 GMT; path=/;"]}, #<Merb::Rack::StreamWrapper:0xf6952030
@body="Add an after filter to do stuff after login">]
----------------------
Obviously the big difference is that the Set-Cookie value is an array in the
modified version and a string in the original. I don't really know a lot about
Rack, so I'm not sure what is the expected formatting, but I do know that the
original version doesn't work properly. Can anyone help me understand what's
going on here?
Thanks,
Sean
--
Sean Kellogg
e: [email protected]
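
The two Set-Cookie shapes from the outputs above, as an added example (not from the original post, and not merb or Rack code): `emit_split` and `emit_verbatim` are hypothetical stand-ins for a server's header-writing step, and the cookie values are constructed. It shows that a newline-joined value only yields three cookies if that step splits on the newline; written verbatim, only the first line carries the Set-Cookie name.

```ruby
# Constructed sample cookies (shortened; not the values from the post).
COOKIES = [
  "remember_me=true; path=/;",
  "_app_session_id=abc123; path=/;",
  "auth_token=deadbeef; path=/;"
].freeze

# Accept either shape seen above (newline-joined String or Array)
# and return one cookie string per element.
def cookie_values(value)
  list = value.is_a?(Array) ? value : value.to_s.split("\n")
  list.map(&:strip).reject(&:empty?)
end

# Hypothetical writer A: emits one "Set-Cookie:" line per cookie.
def emit_split(headers)
  headers.flat_map do |name, value|
    if name.casecmp("set-cookie").zero?
      cookie_values(value).map { |c| "#{name}: #{c}" }
    else
      ["#{name}: #{value}"]
    end
  end
end

# Hypothetical writer B: writes each String value verbatim as one header.
# An embedded "\n" then starts a raw line that has no header name.
def emit_verbatim(headers)
  headers.map { |name, value| "#{name}: #{value}" }.join("\n").split("\n")
end

# Number of wire lines a client would parse as Set-Cookie headers.
def set_cookie_lines(lines)
  lines.count { |l| l.start_with?("Set-Cookie: ") }
end

joined = { "Location" => "/admin", "Set-Cookie" => COOKIES.join("\n") }
array  = { "Location" => "/admin", "Set-Cookie" => COOKIES }

puts "split,    joined string: #{set_cookie_lines(emit_split(joined))}"
puts "split,    array:         #{set_cookie_lines(emit_split(array))}"
puts "verbatim, joined string: #{set_cookie_lines(emit_verbatim(joined))}"
emit_verbatim(joined).each { |l| puts "  | #{l}" }
```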