> > At a slight tangent, isolating application sessions won't fully solve > > this problem; you can change the name of a Model object and see this > > 'white screen of death' within the same application. Something needs > > to be wrapped around the session loading to let Rails gracefully > > handle loading a malignant session and at least give the user *some* > > feedback (logs, 500 status, anything really). > > > > The root of the issue here is that CGI::Session doesn't raise an > exception when this sort of behavior occurs. It's awful, I know, but > it's the sad truth: there's no way to know in advance if > > request = ActionController::CgiRequest.new(cgi, session_options) > > will totally fail or not, and there's no exception raised. It's even > in the docs that "things will break nastily" [1] in just this sort of > situation. If I am wrong here (and I'd love to be) then please let > me know.
Actually, it does raise an exception (at least in the case where it can't open the session file due to permissions issues). But the error handling path assumes the presense of a working session object so the exception never gets logged. I filed that bug here: http://dev.rubyonrails.org/ticket/3474. _______________________________________________ Rails-core mailing list Rails-core@lists.rubyonrails.org http://lists.rubyonrails.org/mailman/listinfo/rails-core
