Re: Camping sessions issue (and fix?) when mounting multiple apps
Ace - cheers! On Mon, Nov 2, 2009 at 3:13 PM, Magnus Holm judo...@gmail.com wrote: Okay, I think we're actually fine by setting :path = / by default. If you want anything different, you should use use Rack::Session::Cookie yourself. //Magnus Holm On Mon, Oct 19, 2009 at 19:14, Jonathan Hickford jonathan.hickford+camp...@gmail.comjonathan.hickford%2bcamp...@gmail.com wrote: Hi, I'd be inclined to agree with the middleware approach too, especially if it's pre 2.0 release and that change can be made along side other 1.5 - 2.0 changes Jon On Sun, Oct 18, 2009 at 9:31 PM, Magnus Holm judo...@gmail.com wrote: Wow, great catch! This is definitely a bug. I guess this should go to GitHub issues, yes. This is actually an issue where Camping and Rack::Session::Cookie fight: At the first request, sessions.state is set in ::Cookie after Camping has done its magic. At the second request, Camping loads @state from @env['rack.state'], the app changes the session, but @cookie['sessions.state'] stays intact. Camping's #to_a then sets the cookies again in the response: @cookies.each do |k, v| v = {:value = v, :path = self / /} if String === v r.set_cookie(k, v) end Which means that it sets a sessions.state-cookie at /sessions/. Then ::Cookies kicks in and figures out that the sessions have changed and sets a new cookie, but this time at /. (This also has the effect that Camping copies all the cookies at / into /sessions/) At the third request, Rack chooses cookies such that those with more specific Path attributes precede those with less specific, and the cookie at /sessions/ wins. Your fix won't unfornately work because @root is only available inside a request/controller. I think we need to do two things: * Make sure Camping only sets cookies when they've changed. * Figure out a way to set :path to SCRIPT_NAME. If so, this should only be an option, as you might also want to mount two apps and have them share the sessions (aka :path = '/'). I'm not quite sure how we should add that option, though. We could switch Camping::Session to be a middleware, but this means all apps will have to change include Camping::Session to use Camping::Session. It's maybe not such a big deal? We should at least do these kind of changes *before* the release of 2.0. Some examples: # Middleware use Camping::Session, :secret = foo, :shared = true # Subclass include Camping::Session::Shared secret foo # New method include Camping::Session secret foo shared_cookie! # Merge #secret and #shared_cookie! together include Camping::Session session_options :secret = foo, :shared = true I think I actually prefer the middleware-version. It's short and concise and can be extended with more options if needed. What do you think? //Magnus Holm On Sun, Oct 18, 2009 at 19:59, Jonathan Hickford jonathan.hickford+camp...@gmail.comjonathan.hickford%2bcamp...@gmail.com wrote: Hi all, Not sure where best to raise this (github issues?) but I'm seeing an issue with the cookie sessions in camping 2.0 using rack. If I mount an app such as the example blog or the sessions test app at any url that is not the root session information is lost in some cases. Same thing happens if I use the built in Camping server. For example if I mount the blog app using rackup at '/blog' I'm unable to log in. If I mount the sessions test app the information added on the second page is lost when it reaches page three. Looking at the cookies in the browser I can see two state cookies set with the paths '/' and '/blog/'. I'm guessing this is to do with Rack::Session::Cookie in session.rb, which will default to use :path = '/' in all cases. If I explicitly add :path = '/blog/' there it starts working as expected. Some more detailed outputs here (this will run from /test) http://pastebin.com/m6c13a4aa Is that me doing something crazy there (I'm not expert!) or is that a bug? If that's an issue I think the below change to session.rb fixes it, passing in the apps @root into the path Rack's session cookie middleware. I can push that somewhere if we reckon that's a fix? - app.use Rack::Session::Cookie, :key = key, :secret = secret + app.use Rack::Session::Cookie, :key = key, :secret = secret, :path = @root Regards, Jon ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
Re: Camping sessions issue (and fix?) when mounting multiple apps
Hi, I'd be inclined to agree with the middleware approach too, especially if it's pre 2.0 release and that change can be made along side other 1.5 - 2.0 changes Jon On Sun, Oct 18, 2009 at 9:31 PM, Magnus Holm judo...@gmail.com wrote: Wow, great catch! This is definitely a bug. I guess this should go to GitHub issues, yes. This is actually an issue where Camping and Rack::Session::Cookie fight: At the first request, sessions.state is set in ::Cookie after Camping has done its magic. At the second request, Camping loads @state from @env['rack.state'], the app changes the session, but @cookie['sessions.state'] stays intact. Camping's #to_a then sets the cookies again in the response: �...@cookies.each do |k, v| v = {:value = v, :path = self / /} if String === v r.set_cookie(k, v) end Which means that it sets a sessions.state-cookie at /sessions/. Then ::Cookies kicks in and figures out that the sessions have changed and sets a new cookie, but this time at /. (This also has the effect that Camping copies all the cookies at / into /sessions/) At the third request, Rack chooses cookies such that those with more specific Path attributes precede those with less specific, and the cookie at /sessions/ wins. Your fix won't unfornately work because @root is only available inside a request/controller. I think we need to do two things: * Make sure Camping only sets cookies when they've changed. * Figure out a way to set :path to SCRIPT_NAME. If so, this should only be an option, as you might also want to mount two apps and have them share the sessions (aka :path = '/'). I'm not quite sure how we should add that option, though. We could switch Camping::Session to be a middleware, but this means all apps will have to change include Camping::Session to use Camping::Session. It's maybe not such a big deal? We should at least do these kind of changes *before* the release of 2.0. Some examples: # Middleware use Camping::Session, :secret = foo, :shared = true # Subclass include Camping::Session::Shared secret foo # New method include Camping::Session secret foo shared_cookie! # Merge #secret and #shared_cookie! together include Camping::Session session_options :secret = foo, :shared = true I think I actually prefer the middleware-version. It's short and concise and can be extended with more options if needed. What do you think? //Magnus Holm On Sun, Oct 18, 2009 at 19:59, Jonathan Hickford jonathan.hickford+camp...@gmail.com wrote: Hi all, Not sure where best to raise this (github issues?) but I'm seeing an issue with the cookie sessions in camping 2.0 using rack. If I mount an app such as the example blog or the sessions test app at any url that is not the root session information is lost in some cases. Same thing happens if I use the built in Camping server. For example if I mount the blog app using rackup at '/blog' I'm unable to log in. If I mount the sessions test app the information added on the second page is lost when it reaches page three. Looking at the cookies in the browser I can see two state cookies set with the paths '/' and '/blog/'. I'm guessing this is to do with Rack::Session::Cookie in session.rb, which will default to use :path = '/' in all cases. If I explicitly add :path = '/blog/' there it starts working as expected. Some more detailed outputs here (this will run from /test) http://pastebin.com/m6c13a4aa Is that me doing something crazy there (I'm not expert!) or is that a bug? If that's an issue I think the below change to session.rb fixes it, passing in the apps @root into the path Rack's session cookie middleware. I can push that somewhere if we reckon that's a fix? - app.use Rack::Session::Cookie, :key = key, :secret = secret + app.use Rack::Session::Cookie, :key = key, :secret = secret, :path = @root Regards, Jon ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
Camping sessions issue (and fix?) when mounting multiple apps
Hi all, Not sure where best to raise this (github issues?) but I'm seeing an issue with the cookie sessions in camping 2.0 using rack. If I mount an app such as the example blog or the sessions test app at any url that is not the root session information is lost in some cases. Same thing happens if I use the built in Camping server. For example if I mount the blog app using rackup at '/blog' I'm unable to log in. If I mount the sessions test app the information added on the second page is lost when it reaches page three. Looking at the cookies in the browser I can see two state cookies set with the paths '/' and '/blog/'. I'm guessing this is to do with Rack::Session::Cookie in session.rb, which will default to use :path = '/' in all cases. If I explicitly add :path = '/blog/' there it starts working as expected. Some more detailed outputs here (this will run from /test) http://pastebin.com/m6c13a4aa Is that me doing something crazy there (I'm not expert!) or is that a bug? If that's an issue I think the below change to session.rb fixes it, passing in the apps @root into the path Rack's session cookie middleware. I can push that somewhere if we reckon that's a fix? - app.use Rack::Session::Cookie, :key = key, :secret = secret + app.use Rack::Session::Cookie, :key = key, :secret = secret, :path = @root Regards, Jon ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
Re: Camping sessions issue (and fix?) when mounting multiple apps
Wow, great catch! This is definitely a bug. I guess this should go to GitHub issues, yes. This is actually an issue where Camping and Rack::Session::Cookie fight: At the first request, sessions.state is set in ::Cookie after Camping has done its magic. At the second request, Camping loads @state from @env['rack.state'], the app changes the session, but @cookie['sessions.state'] stays intact. Camping's #to_a then sets the cookies again in the response: @cookies.each do |k, v| v = {:value = v, :path = self / /} if String === v r.set_cookie(k, v) end Which means that it sets a sessions.state-cookie at /sessions/. Then ::Cookies kicks in and figures out that the sessions have changed and sets a new cookie, but this time at /. (This also has the effect that Camping copies all the cookies at / into /sessions/) At the third request, Rack chooses cookies such that those with more specific Path attributes precede those with less specific, and the cookie at /sessions/ wins. Your fix won't unfornately work because @root is only available inside a request/controller. I think we need to do two things: * Make sure Camping only sets cookies when they've changed. * Figure out a way to set :path to SCRIPT_NAME. If so, this should only be an option, as you might also want to mount two apps and have them share the sessions (aka :path = '/'). I'm not quite sure how we should add that option, though. We could switch Camping::Session to be a middleware, but this means all apps will have to change include Camping::Session to use Camping::Session. It's maybe not such a big deal? We should at least do these kind of changes *before* the release of 2.0. Some examples: # Middleware use Camping::Session, :secret = foo, :shared = true # Subclass include Camping::Session::Shared secret foo # New method include Camping::Session secret foo shared_cookie! # Merge #secret and #shared_cookie! together include Camping::Session session_options :secret = foo, :shared = true I think I actually prefer the middleware-version. It's short and concise and can be extended with more options if needed. What do you think? //Magnus Holm On Sun, Oct 18, 2009 at 19:59, Jonathan Hickford jonathan.hickford+camp...@gmail.com wrote: Hi all, Not sure where best to raise this (github issues?) but I'm seeing an issue with the cookie sessions in camping 2.0 using rack. If I mount an app such as the example blog or the sessions test app at any url that is not the root session information is lost in some cases. Same thing happens if I use the built in Camping server. For example if I mount the blog app using rackup at '/blog' I'm unable to log in. If I mount the sessions test app the information added on the second page is lost when it reaches page three. Looking at the cookies in the browser I can see two state cookies set with the paths '/' and '/blog/'. I'm guessing this is to do with Rack::Session::Cookie in session.rb, which will default to use :path = '/' in all cases. If I explicitly add :path = '/blog/' there it starts working as expected. Some more detailed outputs here (this will run from /test) http://pastebin.com/m6c13a4aa Is that me doing something crazy there (I'm not expert!) or is that a bug? If that's an issue I think the below change to session.rb fixes it, passing in the apps @root into the path Rack's session cookie middleware. I can push that somewhere if we reckon that's a fix? - app.use Rack::Session::Cookie, :key = key, :secret = secret + app.use Rack::Session::Cookie, :key = key, :secret = secret, :path = @root Regards, Jon ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list