I've seen these in production - but I've never been able to run down the source. It's always IE that's causing them, though. I think there may be some PC antivirus or "accelerator" that's trying to prefetch stuff but doing it wrong...
--Matt Jones On Aug 12, 9:30 pm, Jimmy <[email protected]> wrote: > I'm using an exception notification plugin which sends me an email > whenever an exception is raised on the rails server. Regularly I'm > getting exception reports due to raising a PermissionDenied exception > when a user has no access or because rails complains about an invalid > authenticity token. > > I can never reproduce these. And in 99% of the cases it works fine for > our users, but there's a 1% for whom it apparently fails. > > These exceptions are always due to an action triggered by an ajax > request. > > The content of the exception report is always something like below. > > The thing I find odd is that the HTTP_COOKIE indicates the user is > logged in, but the session section reports a session_id of nil. I.e., > the code will see the user as logged out, and raise an access denied > exception. > > In my log I can see that subsequent (non-Ajax) requests from the same > user do work fine. > > I also notice that all exception reports are always from MSIE6.0 and > MSIE7.0 clients. > > I'm using jQuery. > > I was wondering if anyone else has seen issues like this. Is there a > known cause and/or workaround / solution? > > Cheers, > Jimmy > > ------------------------------- > Request: > ------------------------------- > > * URL :http://example.com/ajaxaction > * IP address: 165.86.81.25 > * Parameters: {"format"=>"json", "action"=>"ajaxaction", > "_method"=>"put", "authenticity_token"=>"/y/ > G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts", > "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"} > * Rails root: /var/www/production.example.com/releases/ > 20090812034504 > > ------------------------------- > Session: > ------------------------------- > > * session id: nil > * data: nil > > ------------------------------- > Environment: > ------------------------------- > > * CONTENT_LENGTH : 83 > * CONTENT_TYPE : application/x-www- > form-urlencoded > * DOCUMENT_ROOT : /var/www/ > production.example.com/current/public > * HTTP_ACCEPT : application/json, > text/javascript, */*, text/javascript > * HTTP_ACCEPT_LANGUAGE : en-au > * HTTP_CONNECTION : Keep-Alive > * HTTP_CONTENT_TYPE : application/x-www- > form-urlencoded > * HTTP_COOKIE : > __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2; > __utmb=133279534.11.30.1230110149; > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd= > (none); > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NT > RhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZN > kVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNv > bnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA > %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534; > __qca=1242135797-11579318-30372251; __qcb=496730851; > __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Ed g; > auth_token=; __unam=7659673-12310665fd4-664da270-1 > * HTTP_HOST : example.com > * HTTP_PRAGMA : no-cache > * HTTP_REFERER :http://example.com/ > * HTTP_USER_AGENT : Mozilla/4.0 > (compatible; MSIE 6.0; Windows NT 5.1; SV1) > * HTTP_VIA : 1.0 GWD-BK7-PXY01, > 1.1 GWD-BK7-PXY03 > * HTTP_X_NOVINET : v1.2 > * HTTP_X_REQUESTED_WITH : XMLHttpRequest > * PATH_INFO : /ajaxaction > * QUERY_STRING : > * REMOTE_ADDR : 165.86.81.25 > * REMOTE_PORT : 41604 > * REQUEST_METHOD : PUT > * REQUEST_URI : /ajaxaction > * SCRIPT_NAME : > * SERVER_ADDR : 100.22.88.200 > * SERVER_ADMIN : > [email protected] > * SERVER_NAME : example.com > * SERVER_PORT : 80 > * SERVER_PROTOCOL : HTTP/1.1 > * SERVER_SOFTWARE : Apache/2.2.8 > (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3 > * _ : _ > * action_controller.request.path_parameters : > formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce > 10d > * action_controller.request.query_parameters : > * action_controller.request.request_parameters: authenticity_token/y/ > G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput > * action_controller.rescue.request : > #<ActionController::Request:0x7f1e3e134f80> > * action_controller.rescue.response : > #<ActionController::Response:0x7f1e3e130778> > * rack.errors : #<IO:0x7f1e47c9cea0> > * rack.input : > #<Rack::RewindableInput:0x7f1e3e13ee40> > * rack.methodoverride.original_method : POST > * rack.multiprocess : true > * rack.multithread : false > * rack.request.cookie_hash : > __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utm > b136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.ut > mcsr= > (direct)|utmccn=(direct)|utmcmd=(none) > _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlN > zA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMv > VNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo > OjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_t > oken__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172 > :S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1 > * rack.request.cookie_string : > __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2; > __utmb=136279534.11.10.1250110149; > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd= > (none); > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNz > A6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvV > lFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xs > ZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA > %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634; > __qca=12421797-11318-372251; __qcb; > __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg; > auth_token=; __unam=7639673-12310665fd4-665da270-1 > * rack.request.form_hash : authenticity_token/y/ > G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput > * rack.request.form_input : > #<Rack::RewindableInput:0x7f1e3e13ee40> > * rack.request.form_vars : > _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs > %3D > * rack.request.query_hash : > * rack.request.query_string : > * rack.run_once : false > * rack.session : > session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/ > G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21 > * rack.session.options : path/ > expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_s > ession_id > * rack.url_scheme : http > * rack.version : 10 > > * Process: 20353 > * Server : exampleproduction --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
