Session expires randomly after clicking in groups view #722

Closed
jerboaa opened this Issue Mar 14, 2012 · 15 comments

Comments

Projects
None yet
5 participants
@jerboaa
Member

jerboaa commented Mar 14, 2012

Steps to reproduce:

  1. Log in to sandbox.markusproject.org
  2. Go to the groups tab.
  3. Try to delete/rename a group
  4. Click on the assignments tab
  5. Session expired for some reason

Could this be a side effect of the cookie detection?

@ghost ghost assigned cy Mar 14, 2012

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 14, 2012

Member

@ctcyu Could you have a look at this? Let us know if it's not cookie detection/session update related.

Member

jerboaa commented Mar 14, 2012

@ctcyu Could you have a look at this? Let us know if it's not cookie detection/session update related.

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 14, 2012

Member

@baadshah02 Does this ring any bell for you?

Member

jerboaa commented Mar 14, 2012

@baadshah02 Does this ring any bell for you?

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 14, 2012

Member

Perhaps this is only related to a missing <%= csrf_meta_tag %>?

Member

jerboaa commented Mar 14, 2012

Perhaps this is only related to a missing <%= csrf_meta_tag %>?

@baadshah02

This comment has been minimized.

Show comment
Hide comment
@baadshah02

baadshah02 Mar 14, 2012

Contributor

@jerboaa, Not sure why it's doing it. It could be because of the <%=csrf_meta_tag%>. I think I was asked to remove it by Danesh.

Contributor

baadshah02 commented Mar 14, 2012

@jerboaa, Not sure why it's doing it. It could be because of the <%=csrf_meta_tag%>. I think I was asked to remove it by Danesh.

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 14, 2012

Member

@baadshah02 Could you test and report if the issue is gone. Thanks!

Member

jerboaa commented Mar 14, 2012

@baadshah02 Could you test and report if the issue is gone. Thanks!

@baadshah02

This comment has been minimized.

Show comment
Hide comment
@baadshah02

baadshah02 Mar 15, 2012

Contributor

@jerboaa it seems like there is a <%=csrf_meta_tag%> in the index page of Groups. So then it may not be because of that.

Contributor

baadshah02 commented Mar 15, 2012

@jerboaa it seems like there is a <%=csrf_meta_tag%> in the index page of Groups. So then it may not be because of that.

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 15, 2012

Member

@baadshah02 OK, thanks! Something is fishy with respect to ajax calls we are doing. They all come back with a please-log-in response. hmm....

Member

jerboaa commented Mar 15, 2012

@baadshah02 OK, thanks! Something is fishy with respect to ajax calls we are doing. They all come back with a please-log-in response. hmm....

@hansonwu

This comment has been minimized.

Show comment
Hide comment
@hansonwu

hansonwu Mar 16, 2012

Contributor

@jerboaa Is the sandbox the one built off the master branch?

@baadshah02 this is after your fix for all the groups actions went in? I suspected it wouldn't work because you are doing a link_to() with a :method other than :post. I remember bringing it up in codereview.

Anyhow, in reality it "should" work if we have the up-to-date prototype-ujs support for rails, which I'm not sure we do. As it stands, looks like something is funky with our prototype-ujs that is causing these problems. I think that's where we should investigate. Not positive, but I don't think it has anything to do with cookies.
https://github.com/rails/prototype-ujs

I ran into similar problems when working on the link_to() stuff. If you try to use link_to() to do a :delete or :put, then it just returns a "302 redirect" and logs you out of the system.

Contributor

hansonwu commented Mar 16, 2012

@jerboaa Is the sandbox the one built off the master branch?

@baadshah02 this is after your fix for all the groups actions went in? I suspected it wouldn't work because you are doing a link_to() with a :method other than :post. I remember bringing it up in codereview.

Anyhow, in reality it "should" work if we have the up-to-date prototype-ujs support for rails, which I'm not sure we do. As it stands, looks like something is funky with our prototype-ujs that is causing these problems. I think that's where we should investigate. Not positive, but I don't think it has anything to do with cookies.
https://github.com/rails/prototype-ujs

I ran into similar problems when working on the link_to() stuff. If you try to use link_to() to do a :delete or :put, then it just returns a "302 redirect" and logs you out of the system.

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 17, 2012

Member

@hansonwu Yes. sanbox is master based. Thanks for the heads-up. You are probably onto something. What's weird is that I'm pretty sure it worked for me at some point. In any case it's a high priority to get this fixed.

Member

jerboaa commented Mar 17, 2012

@hansonwu Yes. sanbox is master based. Thanks for the heads-up. You are probably onto something. What's weird is that I'm pretty sure it worked for me at some point. In any case it's a high priority to get this fixed.

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 17, 2012

Member

BTW. I'm not yet 100% positive that we can rule csrf-tags problems out. Would have to dig into the code a bit and I am a bit swamped at the moment.

Member

jerboaa commented Mar 17, 2012

BTW. I'm not yet 100% positive that we can rule csrf-tags problems out. Would have to dig into the code a bit and I am a bit swamped at the moment.

@baadshah02

This comment has been minimized.

Show comment
Hide comment
@baadshah02

baadshah02 Mar 17, 2012

Contributor

@hansonwu yes i think you're right. I remember you mentioned it in the code review but I might have missed this scenario at the time being. I think I did encounter this issue, but I thought it was because I let session be idle for too long. I did some digging and found that link_to() causes errors for any links other than GET. The most apt solution i found so far is to use button_to() but we can't use that in this case. @hansonwu, @jerboaa, do you have any suggestions as to what we can do to fix this?

Contributor

baadshah02 commented Mar 17, 2012

@hansonwu yes i think you're right. I remember you mentioned it in the code review but I might have missed this scenario at the time being. I think I did encounter this issue, but I thought it was because I let session be idle for too long. I did some digging and found that link_to() causes errors for any links other than GET. The most apt solution i found so far is to use button_to() but we can't use that in this case. @hansonwu, @jerboaa, do you have any suggestions as to what we can do to fix this?

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 17, 2012

Member

@baadshah02 I'm doubtful that we'll be able to use buttons on this page. It would clutter things too much. Having said that, if there is an easy way to create an image button that could work. Something like

button_tag(:type => 'button') do
  image_tag(path-to-image)
end

might work. See[1]

Back to trying to fix link_to: What is the order of included js files on this page? See http://railsforum.com/viewtopic.php?id=38460 Have you tried putting rails.js last?

[1] http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html#method-i-button_tag

Member

jerboaa commented Mar 17, 2012

@baadshah02 I'm doubtful that we'll be able to use buttons on this page. It would clutter things too much. Having said that, if there is an easy way to create an image button that could work. Something like

button_tag(:type => 'button') do
  image_tag(path-to-image)
end

might work. See[1]

Back to trying to fix link_to: What is the order of included js files on this page? See http://railsforum.com/viewtopic.php?id=38460 Have you tried putting rails.js last?

[1] http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html#method-i-button_tag

@ghost ghost assigned baadshah02 Mar 17, 2012

@baadshah02

This comment has been minimized.

Show comment
Hide comment
@baadshah02

baadshah02 Mar 17, 2012

Contributor

@jerboaa, putting 'rails.js' last fixes it! should i put this on RB?

Contributor

baadshah02 commented Mar 17, 2012

@jerboaa, putting 'rails.js' last fixes it! should i put this on RB?

@jerboaa

This comment has been minimized.

Show comment
Hide comment
@jerboaa

jerboaa Mar 17, 2012

Member

yes.

Member

jerboaa commented Mar 17, 2012

yes.

@baadshah02

This comment has been minimized.

Show comment
Hide comment
@baadshah02

baadshah02 Mar 17, 2012

Contributor

ok it's done..thanks for the fix. sorry i didn't see this before hand though. :)

Contributor

baadshah02 commented Mar 17, 2012

ok it's done..thanks for the fix. sorry i didn't see this before hand though. :)

@baadshah02 baadshah02 referenced this issue Mar 26, 2012

Closed

Edit group #733

@reidka reidka closed this Jul 28, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment