I'm using an exception notification plugin which sends me an email whenever an exception is raised on the rails server. Regularly I'm getting exception reports due to raising a PermissionDenied exception when a user has no access or because rails complains about an invalid authenticity token.
I can never reproduce these. And in 99% of the cases it works fine for our users, but there's a 1% for whom it apparently fails. These exceptions are always due to an action triggered by an ajax request. The content of the exception report is always something like below. The thing I find odd is that the HTTP_COOKIE indicates the user is logged in, but the session section reports a session_id of nil. I.e., the code will see the user as logged out, and raise an access denied exception. In my log I can see that subsequent (non-Ajax) requests from the same user do work fine. I also notice that all exception reports are always from MSIE6.0 and MSIE7.0 clients. I'm using jQuery. I was wondering if anyone else has seen issues like this. Is there a known cause and/or workaround / solution? Cheers, Jimmy ------------------------------- Request: ------------------------------- * URL : http://example.com/ajaxaction * IP address: 165.86.81.25 * Parameters: {"format"=>"json", "action"=>"ajaxaction", "_method"=>"put", "authenticity_token"=>"/y/ G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts", "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"} * Rails root: /var/www/production.example.com/releases/ 20090812034504 ------------------------------- Session: ------------------------------- * session id: nil * data: nil ------------------------------- Environment: ------------------------------- * CONTENT_LENGTH : 83 * CONTENT_TYPE : application/x-www- form-urlencoded * DOCUMENT_ROOT : /var/www/ production.example.com/current/public * HTTP_ACCEPT : application/json, text/javascript, */*, text/javascript * HTTP_ACCEPT_LANGUAGE : en-au * HTTP_CONNECTION : Keep-Alive * HTTP_CONTENT_TYPE : application/x-www- form-urlencoded * HTTP_COOKIE : __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2; __utmb=133279534.11.30.1230110149; __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd= (none); _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534; __qca=1242135797-11579318-30372251; __qcb=496730851; __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Edg; auth_token=; __unam=7659673-12310665fd4-664da270-1 * HTTP_HOST : example.com * HTTP_PRAGMA : no-cache * HTTP_REFERER : http://example.com/ * HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) * HTTP_VIA : 1.0 GWD-BK7-PXY01, 1.1 GWD-BK7-PXY03 * HTTP_X_NOVINET : v1.2 * HTTP_X_REQUESTED_WITH : XMLHttpRequest * PATH_INFO : /ajaxaction * QUERY_STRING : * REMOTE_ADDR : 165.86.81.25 * REMOTE_PORT : 41604 * REQUEST_METHOD : PUT * REQUEST_URI : /ajaxaction * SCRIPT_NAME : * SERVER_ADDR : 100.22.88.200 * SERVER_ADMIN : [email protected] * SERVER_NAME : example.com * SERVER_PORT : 80 * SERVER_PROTOCOL : HTTP/1.1 * SERVER_SOFTWARE : Apache/2.2.8 (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3 * _ : _ * action_controller.request.path_parameters : formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce10d * action_controller.request.query_parameters : * action_controller.request.request_parameters: authenticity_token/y/ G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput * action_controller.rescue.request : #<ActionController::Request:0x7f1e3e134f80> * action_controller.rescue.response : #<ActionController::Response:0x7f1e3e130778> * rack.errors : #<IO:0x7f1e47c9cea0> * rack.input : #<Rack::RewindableInput:0x7f1e3e13ee40> * rack.methodoverride.original_method : POST * rack.multiprocess : true * rack.multithread : false * rack.request.cookie_hash : __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utmb136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.utmcsr= (direct)|utmccn=(direct)|utmcmd=(none) _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvVNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_token__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172:S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1 * rack.request.cookie_string : __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2; __utmb=136279534.11.10.1250110149; __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd= (none); _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634; __qca=12421797-11318-372251; __qcb; __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg; auth_token=; __unam=7639673-12310665fd4-665da270-1 * rack.request.form_hash : authenticity_token/y/ G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput * rack.request.form_input : #<Rack::RewindableInput:0x7f1e3e13ee40> * rack.request.form_vars : _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs %3D * rack.request.query_hash : * rack.request.query_string : * rack.run_once : false * rack.session : session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/ G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21 * rack.session.options : path/ expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_session_id * rack.url_scheme : http * rack.version : 10 * Process: 20353 * Server : exampleproduction --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
