Thanks for catching that. will get someone to apply that asap. :( On 8 ก.ย. 2553, at 21:01, Mislav Marohnić wrote:
> A Rails 2.3.9 app with Active Record or Memcache session store will never > send the session ID cookie to a client if the client doesn't send any HTTP > cookies in its requests. Rails integration tests didn't catch this because > they always send the HTTP_COOKIE header, even if it's empty. > > This is a huge bug, as it can break keeping sessions on sites which don't set > any additional cookies for its visitors. Visitors without existing cookies > will not be able to log in, for example (this is how I discovered the bug). > > Lighthouse ticket and fix is here. > > An unobtrusive monkeypatch for existing apps can also be found on the ticket. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/rubyonrails-core?hl=en. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
