On 9/29/10 7:08 PM, Jim Gay wrote:
On Wed, Sep 29, 2010 at 6:57 PM, Wes Gamble<we...@att.net>  wrote:
My problem is somehow created by Rails 2.3.9.  When I put 2.3.8 back, it
works fine.

I did further verify that cookie contents are written upon a 302 redirect
(which is what "logout" does, redirecting to "login") in general.

Not sure what happened, but be forewarned, Rails 2.3.9 breaks the built-in
Radiant authentication system in that it does not successfully log you out.
So did you alter the rails thats bundled with Radiant to bump it to 2.3.8?
What's your setup? Radiant in vendor/radiant and then you pulled out

Yes - a couple of weeks ago, I upgraded to Rails 2.3.9 by replacing vendor/radiant/vendor/rails with 2.3.9, and clearly, I didn't test well enough, and the admin. logout bug was introduced.

It does seem strange that something so low level would have changed.


On 9/29/10 3:08 PM, Wes Gamble wrote:

Apologies for replying to my own post.

I have verified a couple more things:

1) In general, I can write to the session from my Radiant app. without
incident.  Using these actions:

def modify_session
     session[:number] = rand(10000)
     render :action =>  :session

   def show_session
     render :action =>  :session

and this view, and comparing the actual session _data_ cookie, I can see
that the session data changes.

   Welcome, user!
   Your session information is as follows:
   = session.inspect
   = cookies.inspect

2) When I log out and log back in, I can verify that the session data does
not change, because the session _data_ cookie is identical right before the
logout method ends and right as the login method begins (and the logout
method removes the user_id from the session).

My next theory is that my use of ActiveScaffold (for easily displaying some
custom administrative data) is interfering with the logout process somehow.


On 9/28/10 6:05 PM, Wes Gamble wrote:

Rails 2.3.9
Radiant 0.9.1

I noticed recently that admin users in my Radiant app. can no longer logout
successfully - upon logout, they are taken back to the /admin/pages (default
admin) page.

I've been debugging this locally and checking out what happens between the
calls to Admin::WelcomeController#logout and Admin::WelcomeController#login
and as best I can tell, everything looks correct, but the session cookie
doesn't get modified (the 'user_id' key does not get set to nil; I even
_removed_ the 'user_id' key in the "logout" action and the next request
still had the old 'user_id' value in the session).

It happens in Chrome, Firefox, and Safari.

I know this is one of those things that no one will be able to help with,
but on the off chance that anyone has seen weird cookie-not-being-written
behavior with Radiant 0.9.1/Rails 2.3.9, please let me know.


Reply via email to