
[#5781] Check session sizes before saving a timesheet params into the…

… cookie

Cookies can only hold 4K of data, so with large Timesheets (lots of projects,
activities, users) it is easy to store too large a string in the cookie.

Only using 2K of the cookie because ChiliProject needs some storage too.
commit ba4876ac5ad6d69232b6791eb9a8f1171260e026 1 parent 53f996f
@edavis10 authored
8 app/controllers/timesheet_controller.rb
@@ -148,10 +148,16 @@ def load_filters_from_session
def save_filters_to_session(timesheet)
if params[:timesheet]
- session[SessionKey] = params[:timesheet]
+ # Check that the params will fit in the session before saving
+ # prevents an ActionController::Session::CookieStore::CookieOverflow
+ encoded = Base64.encode64(Marshal.dump(params[:timesheet]))
+ if encoded.size < 2.kilobytes # Only use 2K of the cookie
+ session[SessionKey] = params[:timesheet]
+ end
end
if timesheet
+ session[SessionKey] ||= {}
session[SessionKey]['date_from'] = timesheet.date_from
session[SessionKey]['date_to'] = timesheet.date_to
end
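Review bot: When the encoded params reach the limit, the `if encoded.size < 2.kilobytes` branch skips the assignment silently, so whatever filters an earlier request stored under `session[SessionKey]` stay in place and then receive the new `date_from`/`date_to` a few lines below. Unless reusing the older filters is intended, clear the entry in that case with an `else` branch holding `session[SessionKey] = nil`, and log the drop so an oversized report can be diagnosed. The measurement also covers only this one key, while the cookie store serializes the whole session, so the 2K figure is a heuristic and would read better as a named constant with that caveat in its comment. The body of `save_filters_to_session` continues past the end of the hunk.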
44 test/integration/session_storage_test.rb
@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class SessionStorageTest < ActionController::IntegrationTest
+ def setup
+ @project1 = Project.generate!
+ @project2 = Project.generate!
+
+ @admin_user = User.generate!(:login => 'theadmin', :admin => true, :password => 'testing', :password_confirmation => 'testing')
+ @role = Role.generate!(:permissions => [:view_time_entries])
+ @project = Project.generate!
+ Member.generate!(:principal => @admin_user, :project => @project, :roles => [@role])
+ end
+
+ context "when running a report" do
+ setup do
+ login_as(@admin_user.login, "testing")
+ end
+
+ should "save the timesheet params to the session"
+ should "reuse the session params when loading a fresh timesheet"
+ should "not save the timesheet params if it would overflow the cookie store" do
+ # Since sessions are 4K, make a ton of Activities to load into the session (they are faster than Projects/Users)
+ 1000.times {|i| self.instance_variable_set("@activity_#{i}", TimeEntryActivity.generate!.reload) }
+ click_link "Timesheet"
+ choose "timesheet_period_type_1" # Pre-defined
+ select "all time", :from => 'timesheet_period'
+ select "Project", :from => 'timesheet_sort'
+ select @project1.name, :from => 'Project:'
+ select @project2.name, :from => 'Project:'
+ 1000.times {|i|
+ select(self.instance_variable_get("@activity_#{i}").name, :from => "timesheet_activities_")
+ }
+
+ assert_nothing_raised do
+ click_button 'Apply'
+
+ click_link "Timesheet"
+ assert_response :success # loads the cookie
+ end
+ end
+
+ end
+
+end
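Review bot: The overflow case asserts only that `click_button 'Apply'` and the following page load do not raise, so it would still pass if the controller stored the oversized params in some other form. An assertion on what the session holds after 'Apply' would pin the behaviour named in the test title. The two `should` lines without blocks are placeholders, so the normal save-and-reuse path and a payload just under the 2K limit are not covered. As a style point, the 1000 instance variables created through `instance_variable_set` could be a single array, `@activities = Array.new(1000) { TimeEntryActivity.generate!.reload }`, iterated with `@activities.each`.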