On Aug 13, 2:30 am, Jimmy <[email protected]> wrote:
> I'm using an exception notification plugin which sends me an email
> whenever an exception is raised on the rails server. Regularly I'm
> getting exception reports due to raising a PermissionDenied exception
> when a user has no access or because rails complains about an invalid
> authenticity token.
>
> I can never reproduce these. And in 99% of the cases it works fine for
> our users, but there's a 1% for whom it apparently fails.
>
> These exceptions are always due to an action triggered by an ajax
> request.
>
Do you have a concurrent request problem? When you get two
overlapping requests from a single user then changes by one of them to
the session will 'beat' changes by the other one.

Fred


> The content of the exception report is always something like below.
>
> The thing I find odd is that the HTTP_COOKIE indicates the user is
> logged in, but the session section reports a session_id of nil. I.e.,
> the code will see the user as logged out, and raise an access denied
> exception.
>
> In my log I can see that subsequent (non-Ajax) requests from the same
> user do work fine.
>
> I also notice that all exception reports are always from MSIE6.0 and
> MSIE7.0 clients.
>
> I'm using jQuery.
>
> I was wondering if anyone else has seen issues like this. Is there a
> known cause and/or workaround / solution?
>
> Cheers,
> Jimmy
>
> -------------------------------
> Request:
> -------------------------------
>
>   * URL       :http://example.com/ajaxaction
>   * IP address: 165.86.81.25
>   * Parameters: {"format"=>"json", "action"=>"ajaxaction",
> "_method"=>"put", "authenticity_token"=>"/y/
> G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts",
> "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"}
>   * Rails root: /var/www/production.example.com/releases/
> 20090812034504
>
> -------------------------------
> Session:
> -------------------------------
>
>   * session id: nil
>   * data: nil
>
> -------------------------------
> Environment:
> -------------------------------
>
>   * CONTENT_LENGTH                              : 83
>   * CONTENT_TYPE                                : application/x-www-
> form-urlencoded
>   * DOCUMENT_ROOT                               : /var/www/
> production.example.com/current/public
>   * HTTP_ACCEPT                                 : application/json,
> text/javascript, */*, text/javascript
>   * HTTP_ACCEPT_LANGUAGE                        : en-au
>   * HTTP_CONNECTION                             : Keep-Alive
>   * HTTP_CONTENT_TYPE                           : application/x-www-
> form-urlencoded
>   * HTTP_COOKIE                                 :
> __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2;
> __utmb=133279534.11.30.1230110149;
> __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=
> (none);
> _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NT 
> RhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZN 
> kVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNv 
> bnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA
> %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534;
> __qca=1242135797-11579318-30372251; __qcb=496730851;
> __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Ed g;
> auth_token=; __unam=7659673-12310665fd4-664da270-1
>   * HTTP_HOST                                   : example.com
>   * HTTP_PRAGMA                                 : no-cache
>   * HTTP_REFERER                                :http://example.com/
>   * HTTP_USER_AGENT                             : Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1)
>   * HTTP_VIA                                    : 1.0 GWD-BK7-PXY01,
> 1.1 GWD-BK7-PXY03
>   * HTTP_X_NOVINET                              : v1.2
>   * HTTP_X_REQUESTED_WITH                       : XMLHttpRequest
>   * PATH_INFO                                   : /ajaxaction
>   * QUERY_STRING                                :
>   * REMOTE_ADDR                                 : 165.86.81.25
>   * REMOTE_PORT                                 : 41604
>   * REQUEST_METHOD                              : PUT
>   * REQUEST_URI                                 : /ajaxaction
>   * SCRIPT_NAME                                 :
>   * SERVER_ADDR                                 : 100.22.88.200
>   * SERVER_ADMIN                                :
> [email protected]
>   * SERVER_NAME                                 : example.com
>   * SERVER_PORT                                 : 80
>   * SERVER_PROTOCOL                             : HTTP/1.1
>   * SERVER_SOFTWARE                             : Apache/2.2.8
> (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3
>   * _                                           : _
>   * action_controller.request.path_parameters   :
> formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce 
> 10d
>   * action_controller.request.query_parameters  :
>   * action_controller.request.request_parameters: authenticity_token/y/
> G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput
>   * action_controller.rescue.request            :
> #<ActionController::Request:0x7f1e3e134f80>
>   * action_controller.rescue.response           :
> #<ActionController::Response:0x7f1e3e130778>
>   * rack.errors                                 : #<IO:0x7f1e47c9cea0>
>   * rack.input                                  :
> #<Rack::RewindableInput:0x7f1e3e13ee40>
>   * rack.methodoverride.original_method         : POST
>   * rack.multiprocess                           : true
>   * rack.multithread                            : false
>   * rack.request.form_hash                      : authenticity_token/y/
> G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput
>   * rack.request.form_input                     :
> #<Rack::RewindableInput:0x7f1e3e13ee40>
>   * rack.request.form_vars                      :
> _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs
> %3D
>   * rack.request.query_hash                     :
>   * rack.request.query_string                   :
>   * rack.run_once                               : false
>   * rack.session                                :
> session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/
> G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21
>   * rack.session.options                        : path/
> expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_s 
> ession_id
>   * rack.url_scheme                             : http
>   * rack.version                                : 10
>
>   * Process: 20353
>   * Server : exampleproduction
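
The overlap Fred describes, as an added example that is not part of the original thread: the `_example_session` cookie in the report has the `payload--digest` shape of a session kept entirely in a signed cookie, and with such a store two requests that start from the same cookie each write the whole session back, so the later response discards the earlier one's change. The secret, the helper names and the use of JSON in place of the framework's serializer are assumptions made for this sketch.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret" # constructed for this example

# Constant-time string comparison for the cookie digest.
def secure_eq(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Whole session in one cookie value: payload--digest (JSON is an assumption here).
def dump_cookie(session)
  payload = [JSON.generate(session)].pack("m0") # strict Base64
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA1', SECRET, payload)}"
end

# Returns the session hash, or {} when the cookie is missing or fails the check.
def load_cookie(cookie)
  payload, digest = cookie.to_s.split("--", 2)
  return {} if payload.nil? || digest.nil?
  return {} unless secure_eq(OpenSSL::HMAC.hexdigest("SHA1", SECRET, payload), digest)
  JSON.parse(payload.unpack1("m0"))
end

# One request: load the sent cookie, apply the change, return the new cookie value.
def handle_request(cookie_sent)
  session = load_cookie(cookie_sent)
  yield session
  dump_cookie(session)
end

# Two Ajax requests leave the browser before either response comes back, so
# both carry the same snapshot; the browser keeps the Set-Cookie it sees last.
def overlapping_requests(start)
  resp_a = handle_request(start) { |s| s["invited"] = true }
  resp_b = handle_request(start) { |s| s["flash"] = "saved" }
  load_cookie([resp_a, resp_b].last) # B arrives second and replaces A's cookie
end

# Same two actions, but the second is sent only after the first response.
def serialized_requests(start)
  jar = handle_request(start) { |s| s["invited"] = true }
  jar = handle_request(jar) { |s| s["flash"] = "saved" }
  load_cookie(jar)
end

START = dump_cookie("user_id" => 21, "csrf" => "constructed-token")
p overlapping_requests(START), serialized_requests(START)
```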