Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Event objects can't be properly serialized using Rails :json serializer #13

Closed
jhilden opened this issue Jan 7, 2015 · 6 comments
Closed

Event objects can't be properly serialized using Rails :json serializer #13

jhilden opened this issue Jan 7, 2015 · 6 comments
Labels
bug

Comments

@jhilden
Copy link
Contributor

jhilden commented Jan 7, 2015

Background: Rails.application.config.action_dispatch.cookies_serializer is set to :json (or :hybrid)

Problem: A rack tracker event object (such as Rack::Tracker::GoogleAnalytics::Send) wich was stored in the session and retrieved again, will be deserialized as a string like "#<Rack::Tracker::GoogleAnalytics::Send type=\"event\", category=\"...\", action=\"...\">"" instead of a proper object.

This results in an exception like NoMethodError: undefined method 'write' for #<String:0x00000007ae8bf0>

I'm not sure what the event objects need to implement in order to serialize well to JSON. Maybe include http://api.rubyonrails.org/classes/ActiveModel/Serializers/JSON.html ?
@jhilden jhilden added the bug label Jan 7, 2015
@jhilden
Copy link
Contributor Author

jhilden commented Jan 21, 2015

As far as I can tell, the JSON serializer in rails 4.1+ simply cannot be used for serializing objects but only for primitves such as hashes, arrays, strings, etc.

So I guess the only possible solution would be to store the events using a hash representation in the session and then reinitialize the original event objects from those hashes.

jhilden added a commit that referenced this issue Jan 22, 2015
@jhilden
store events as hashes in the session
2c9eea5 
this way they can be serialized using :json serialization and not only using :marshal.
:json is the default serializer in rails 4.1+ and considered much safer
see issue #13
@jhilden jhilden mentioned this issue Jan 22, 2015
Merged
@jhilden
Copy link
Contributor Author

jhilden commented Jan 26, 2015

Fix was merged into master.

@jhilden jhilden closed this as completed Jan 26, 2015
@jhilden
Copy link
Contributor Author

jhilden commented Feb 2, 2015

This issue has been resolved by PR #16 but when this change is deployed there can be exceptions with old session data that still contains serialized objects instead of the new hashes.

NoMethodError: undefined method `except' for #<Rack::Tracker::GoogleAnalytics::Send category=...>

/ruby/2.1.0/bundler/gems/rack-tracker-2f0c5b612141/lib/rack/tracker/handler.rb:16 in "block in events"

How should we react to that? Just put a warning in the changelog? Build some migration code?

@jhilden jhilden reopened this Feb 2, 2015
@jhilden
Copy link
Contributor Author

jhilden commented Feb 2, 2015

This only happens if a users last request before the deployment was a redirect that stored the rack-tracker event in the session (as a serialized object) and the next request is after the deployment and excepts a serialized hash. All further requests are not affected. In our case it produced 2 exceptions after the deployment.

@kangguru
Copy link

kangguru commented Feb 2, 2015

¯_(ツ)_/¯

maybe advise users to change the session secret, so everything is invalidated

@jhilden
Copy link
Contributor Author

jhilden commented Feb 2, 2015

wouldn't that be pretty drastic to invalidate thousands of sessions just to prevent 2 exceptions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jhilden @kangguru @DonSchado