SessionStore does not write session if internals of session['flash'] are modified #30

Closed
devrandom1 opened this Issue Dec 7, 2011 · 4 comments

Comments

Projects
None yet
3 participants

SessionStore::Session.set_session gets the memorized session model instance from env, then updates session_data. However, session.dirty? is false even if the internals of the flash changed, because they were already modified by the flash object.

The fix seems to be to replace:

session = get_session_resource(env, sid)

with

session = find_session(sid)

to get a fresh copy.

+1

I'm seeing the same thing. It seems like the real issue is that the data attribute isn't properly detecting that it is dirty.

EDIT:
I take that back. The active_record session store clears out env[SESSION_RECORD_KEY] and generates a new session id on #destroy_session. Changing the dm session_store to do the same fixes the issue for me:

def destroy_session(env, sid = nil, options = {})
    sid ||= current_session_id(env)
    find_session(sid).destroy
    env[SESSION_RECORD_KEY] = nil
    generate_sid
end
Owner

tpitale commented Oct 22, 2012

+1 I'm still seeing this as an issue. Any chance of a fix, 9 months on?

Owner

tpitale commented Feb 7, 2016

This is unlikely to be fixed. We may even remove this implementation from the session store. Dirtiness is dependent on object id changing, but when you change the internals of a hash, it does not change, IIRC.

Will take a look again to confirm.

tpitale self-assigned this Feb 7, 2016

tpitale closed this Jul 29, 2016

Owner

tpitale commented Jul 29, 2016

This is definitely a dirtiness tracking issue for the internals of a hash. Unlikely to ever be fixed afaict. There are some hacks around tracking, but I don't think they apply well here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment