Rack 1.4.0 release #279

Closed
josevalim opened this Issue Dec 3, 2011 · 8 comments


@josevalim
Collaborator

Bros, can we have a rack 1.4.0 release? If so, let me know, I will run Rails using Rack from master to make double sure we don't have a regression and ping you back if everything passes.

@rkh
Member
rkh commented Dec 3, 2011

We should give the issues another round before that. I'll see if I can make some time for that.

@raggi
Member
raggi commented Dec 5, 2011

I've done a bunch of the pull requests today. I'll try and get to issues this evening.

I have a couple of semi-blockers, so it might not happen this weekend.

@raggi
Member
raggi commented Dec 5, 2011

José: do you have an opinion on #272?

I have mixed feelings, but I don't know how often this has come up in your community.

I am worried that the more correct action is to clear all cookies, but, with this specific replication - that would result in loss of tracking, and users logged out.

I doubt, without XSS open, that clearing all cookies could be abused?

@josevalim
Collaborator

I have never seen this coming up in exceptions (hoptoad and the like) but what would be the reasoning in cleaning all cookies? I'd just ignore the ones that are invalid instead.

@josevalim
Collaborator

Btw, tks for working on a 1.4.0 release! <3 <3

@raggi
Member
raggi commented Dec 5, 2011

Well, the problem is, you potentially have a corrupted session if one or more cookies are broken. We could hand this on to the apps, but it's a bit like handing someone a knife with the blade pointing at the palm of their hand. Don't get me wrong, I'm all for giving developers knives, but saying "here catch" seems a little less fair.

@josevalim
Collaborator

Well, clearing it all should also be fine. My assumption is that the broken cookie would not be set by the app, so we could ignore it without affecting the others. If you have a broken cookie setup you should be able to catch it in development; the only problem is when it comes accidentally from other entities and we would not like to clear everything.

@raggi
Member
raggi commented Dec 28, 2011

José, thanks again for checking this out today. Release will happen shortly!

raggi closed this Dec 28, 2011