NPE when attempting to use cookie session store #41
2 participants
Actually, I just removed the :http-only parameter from the configuration map and it now works. It appears as if the problem is caused by passing ":http-only true" to the configuration map for :cookie-attrs.
I've investigated this, and I eventually uncovered the problem.
The root cause is Noir 1.2.1's dependencies, and the unintuitive way they're being resolve. Noir 1.2.1 depends on Ring 1.0.0-RC1, which in turn depends on Ring-Core 1.0.0-RC1. But Noir also depends on Compojure 0.6.5, which depends on Ring-Core 0.3.11.
Now, I'd expect these dependencies to resolve with Ring-Core 1.0.0-RC1, but when I removed the :local-repo-classpath option from your project.clj file, and took a look at the dependencies in lib, it was Ring-Core 0.3.11 that was being used. How the dependencies worked out this way I'm not sure.
Ring-Core 0.3.11 doesn't include the :http-only key, and trying to set it causes the cookie middleware to blow up in a rather unintuitive way. To make sure this doesn't occur in future versions of Ring, I'm going to update the middleware to produce a far more sensible error message (probably using a pre-condition).
Noir will still have to be fixed, though. My guess is that including an explicit [ring-core "1.0.0-RC1"] might fix it... But it may not matter in a few days, as I plan to release Compojure 1.0.0 shortly after Ring 1.0.0.
Ah yes, disabling :local-repo-classpath and adding an explicit [ring "1.0.0-RC1"] does indeed now allow me to use the :http-only option without the NPEs and 500s. Thanks so much!
In trying to use the CookieStore session store using non-default attributes, I encountered the following stack trace:
java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: java.lang.NullPointerException
at clojure.lang.LazySeq.sval(LazySeq.java:47)
at clojure.lang.LazySeq.seq(LazySeq.java:56)
at clojure.lang.RT.seq(RT.java:450)
at clojure.core$seq.invoke(core.clj:122)
at ring.util.servlet$set_headers.invoke(servlet.clj:86)
at ring.util.servlet$update_servlet_response.invoke(servlet.clj:124)
at ring.adapter.jetty$proxy_handler$fn__731.invoke(jetty.clj:18)
at ring.adapter.jetty.proxy$org.mortbay.jetty.handler.AbstractHandler$0.handle(Unknown Source)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:926)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
It appears as if one of the headers is set to a lazy-seq which is then trying to walk over a nil. This app works fine with the standard memory store, so I believe this to be an issue with the cookie store in particular. I reported this to the Noir mailing list and Chris thought it was a bug in Ring, so I am opening this issue.
The code which produces this is here:
https://github.com/codeslinger/nooz/blob/0b2f08bcb7efce23a41894c91dce234087bd581c/src/nooz/server.clj#L17
If I remove the :session-cookie-attrs line from the configuration map, everything works properly. Having it in, though, produces the above stacktrace and a 500 error on every request to the server from then on.