This action is triggered by pressing a button which executes a piece of JavaScript. The setup is done in a jQuery document ready block of code. It would highly surprise me if a prefetcher would trigger that button.
As the action is triggered by a user action, I also don't think this should give a concurrent request problem. (the app runs in passenger too, I was under the impression that within passenger you shouldn't run into any concurrency issues anyways?)

The source is indeed always an MSIE browser, which would suggest a browser issue. However, seeing that the browser does send a correct cookie with the session id in there, I wonder if for some reason the rails server can't match the session...

Jimmy

On Aug 13, 9:36 pm, Matt Jones <[email protected]> wrote:
> I've seen these in production - but I've never been able to run down
> the source. It's always IE that's causing them, though. I think there
> may be some PC antivirus or "accelerator" that's trying to prefetch
> stuff but doing it wrong...
>
> --Matt Jones
>
> On Aug 12, 9:30 pm, Jimmy <[email protected]> wrote:
>
> > I'm using an exception notification plugin which sends me an email
> > whenever an exception is raised on the rails server. Regularly I'm
> > getting exception reports due to raising a PermissionDenied exception
> > when a user has no access or because rails complains about an invalid
> > authenticity token.
> >
> > I can never reproduce these. And in 99% of the cases it works fine for
> > our users, but there's a 1% for whom it apparently fails.
> >
> > These exceptions are always due to an action triggered by an ajax
> > request.
> >
> > The content of the exception report is always something like below.
> >
> > The thing I find odd is that the HTTP_COOKIE indicates the user is
> > logged in, but the session section reports a session_id of nil. I.e.,
> > the code will see the user as logged out, and raise an access denied
> > exception.
> >
> > In my log I can see that subsequent (non-Ajax) requests from the same
> > user do work fine.
> >
> > I also notice that all exception reports are always from MSIE6.0 and
> > MSIE7.0 clients.
> >
> > I'm using jQuery.
> >
> > I was wondering if anyone else has seen issues like this. Is there a
> > known cause and/or workaround / solution?
> >
> > Cheers,
> > Jimmy
> >
> > -------------------------------
> > Request:
> > -------------------------------
> >
> > * URL :http://example.com/ajaxaction
> > * IP address: 165.86.81.25
> > * Parameters: {"format"=>"json", "action"=>"ajaxaction",
> > "_method"=>"put", "authenticity_token"=>"/y/
> > G2RkIl8kQjgkc934aui8iEvJ1HeOfCY6EnB3/VQs=", "controller"=>"posts",
> > "invitation_code"=>"4ba96ffdcb92dc054bbf5fb803099645cc1ce10d"}
> > * Rails root: /var/www/production.example.com/releases/
> > 20090812034504
> >
> > -------------------------------
> > Session:
> > -------------------------------
> >
> > * session id: nil
> > * data: nil
> >
> > -------------------------------
> > Environment:
> > -------------------------------
> >
> > * CONTENT_LENGTH : 83
> > * CONTENT_TYPE : application/x-www-
> > form-urlencoded
> > * DOCUMENT_ROOT : /var/www/
> > production.example.com/current/public
> > * HTTP_ACCEPT : application/json,
> > text/javascript, */*, text/javascript
> > * HTTP_ACCEPT_LANGUAGE : en-au
> > * HTTP_CONNECTION : Keep-Alive
> > * HTTP_CONTENT_TYPE : application/x-www-
> > form-urlencoded
> > * HTTP_COOKIE :
> > __utma=136239534.4438442336996744000.1340901452.12403901452.1250110149.2;
> > __utmb=133279534.11.30.1230110149;
> > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=
> > (none);
> > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NT
> > RhZTJlNzA6EF9jc3JmX3Rva2VuIjEveS9HMlJrS3w4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZN
> > kVuQjMvVlFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNv
> > bnRyb2xsZXI6OkZsYXNoOjpGbGFz3Ehhc2h7AAY6CkB1c2VkewA
> > %3D--9a490353a0b021dead9cbd438fd97997eb22c70a; __utmc=136579534;
> > __qca=1242135797-11579318-30372251; __qcb=496730851;
> > __gads=ID=4b3d13fa4267a99d:T=1250110172:S=ALNI_MZjarEIGP8SctjtUWhuKtWFvl7Ed
> > g;
> > auth_token=; __unam=7659673-12310665fd4-664da270-1
> > * HTTP_HOST : example.com
> > * HTTP_PRAGMA : no-cache
> > * HTTP_REFERER :http://example.com/
> > * HTTP_USER_AGENT : Mozilla/4.0
> > (compatible; MSIE 6.0; Windows NT 5.1; SV1)
> > * HTTP_VIA : 1.0 GWD-BK7-PXY01,
> > 1.1 GWD-BK7-PXY03
> > * HTTP_X_NOVINET : v1.2
> > * HTTP_X_REQUESTED_WITH : XMLHttpRequest
> > * PATH_INFO : /ajaxaction
> > * QUERY_STRING :
> > * REMOTE_ADDR : 165.86.81.25
> > * REMOTE_PORT : 41604
> > * REQUEST_METHOD : PUT
> > * REQUEST_URI : /ajaxaction
> > * SCRIPT_NAME :
> > * SERVER_ADDR : 100.22.88.200
> > * SERVER_ADMIN :
> > [email protected]
> > * SERVER_NAME : example.com
> > * SERVER_PORT : 80
> > * SERVER_PROTOCOL : HTTP/1.1
> > * SERVER_SOFTWARE : Apache/2.2.8
> > (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.3
> > * _ : _
> > * action_controller.request.path_parameters :
> > formatjsonactionaccept_postscontroller4ba96ffdcb92dc054bbf5fb803099645cc1ce
> > 10d
> > * action_controller.request.query_parameters :
> > * action_controller.request.request_parameters: authenticity_token/y/
> > G2RkIl8kQjgkc8i6aui8iEvJ1HeOfCY6EnB3/VQs=_methodput
> > * action_controller.rescue.request :
> > #<ActionController::Request:0x7f1e3e134f80>
> > * action_controller.rescue.response :
> > #<ActionController::Response:0x7f1e3e130778>
> > * rack.errors : #<IO:0x7f1e47c9cea0>
> > * rack.input :
> > #<Rack::RewindableInput:0x7f1e3e13ee40>
> > * rack.methodoverride.original_method : POST
> > * rack.multiprocess : true
> > * rack.multithread : false
> > * rack.request.cookie_hash :
> > __utma136279534.4458442336996744000.1240901452.1240901452.1250110149.2__utm
> > b136279534.11.10.1250110149__utmc136279534__utmz136279534.1240901452.1.1.ut
> > mcsr=
> > (direct)|utmccn=(direct)|utmcmd=(none)
> > _example_sessionBAh7Czc2lvbl9pZCIlMWQ3ZWIwYTJlYzRkNGI2OTk0MTVjYWE3NTRhZTJlN
> > zA6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMv
> > VNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXN6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo
> > OjpGbGFzaEhhc2h7AAY6CkB1c2VkewA=--9a490353a0b021dead28fd97997eb22c70aauth_t
> > oken__qca1245797-19318-302251__qcb4740851__gadsID=4b3d18f7a99d:T=1250110172
> > :S=ALNI_MZjarEIGPtUWhuKtWFvl7Edg__unam7639673-123665fd4-665da270-1
> > * rack.request.cookie_string :
> > __utma=136279534.4458442336996744000.1240901452.1240901452.1250110149.2;
> > __utmb=136279534.11.10.1250110149;
> > __utmz=136279534.1240901452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=
> > (none);
> > _example_session=BAh7CjoPc2Vzc2lvbl9pZCIlMWQ3ZWIwYTJ2OTk0MTVjYWE3NTRhZTJlNz
> > A6EF9jc3JmX3Rva2VuIjEveS9HMlJrSWw4a1FqZ2tjOGk2YXVpOGlFdkoxSGVPZkNZNkVuQjMvV
> > lFzPToMdXNlcl9pZGkCw2o6CHNzaSINLGxpYnJhcnkiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xs
> > ZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA
> > %3D--9a490353a0b02fd97997eb22c70a; __utmc=13634;
> > __qca=12421797-11318-372251; __qcb;
> > __gads=ID=4b3d18fa4267a99d:T=1250110172:S=ALNI_MZjarEhuKtWFvl7Edg;
> > auth_token=; __unam=7639673-12310665fd4-665da270-1
> > * rack.request.form_hash : authenticity_token/y/
> > G2RkIl8kQjgkc8J1HeOfCY6EnB3/VQs=_methodput
> > * rack.request.form_input :
> > #<Rack::RewindableInput:0x7f1e3e13ee40>
> > * rack.request.form_vars :
> > _method=put&authenticity_token=%2Fy%2FG2RkIl8kQjiEvJ1HeOfCY6EnB3%2FVQs
> > %3D
> > * rack.request.query_hash :
> > * rack.request.query_string :
> > * rack.run_once : false
> > * rack.session :
> > session_id1d7eb0a2ec4aa754ae2e70_csrf_token/y/
> > G2RkIl8ui8iEvJ1HeOfCY6EnB3/VQs=user_id21
> > * rack.session.options : path/
> > expire_afterhttponlytruedomain.example.comid1d7eb0a2ec4d4b69a754ae2e70key_s
> > ession_id
> > * rack.url_scheme : http
> > * rack.version : 10
> >
> > * Process: 20353
> > * Server : exampleproduction

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
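The report above shows `_example_session` present in HTTP_COOKIE while the session id is nil. The following Ruby sketch is an added example, not code from the thread or from Rails; it tells a cookie that never arrived apart from one that arrived but fails its integrity check. It assumes the cookie layout is URL-escaped `base64(Marshal data)--40-hex HMAC-SHA1 digest`; `SECRET`, the function names and the sample values are constructed for illustration.

```ruby
require "openssl"
require "uri"

# Constructed secret for this example; a real app keeps its own in the
# session configuration.
SECRET = "constructed-secret-used-only-in-this-example"

def hmac_hex(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), SECRET, data)
end

# Build a cookie value in the assumed layout: escape(base64(Marshal) + "--" + digest).
def build_cookie(session)
  data = [Marshal.dump(session)].pack("m0")
  URI.encode_www_form_component("#{data}--#{hmac_hex(data)}")
end

# Constant-time comparison so the check does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Classify a raw cookie value as the server would see it.
def classify_session_cookie(raw)
  return :absent if raw.nil? || raw.empty?
  data, digest = URI.decode_www_form_component(raw).split("--", 2)
  return :malformed if data.to_s.empty? || digest.to_s !~ /\A\h{40}\z/
  return :bad_signature unless secure_equal?(digest, hmac_hex(data))
  # Unmarshal only after the signature has verified.
  session = Marshal.load(data.unpack1("m"))
  session[:session_id] ? :valid : :valid_without_session_id
rescue ArgumentError
  :malformed # broken %-escaping in the raw value
end

if __FILE__ == $PROGRAM_NAME
  good = build_cookie({ :session_id => "constructed-session-id", :user_id => 21 })
  { "intact" => good, "first 4 chars lost" => good[4..-1],
    "digest cut short" => good[0...-8], "no cookie" => nil }.each do |label, value|
    puts "#{label}: #{classify_session_cookie(value)}"
  end
end
```

Logging this classification next to the raw Cookie header for the failing Ajax requests shows whether the value was altered on its way to the application or simply not accepted as a session.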

