I just upgraded to the newly released Rails 2.3.9, and session data stopped getting saved. I could set session data and it was accessible within the same request, but on the next request, the session data is gone.
After digging a little deeper, I found that I was specifying the options for the session in the wrong place. Previously, the session options were specified in environment.rb. Now, Rails has moved this in to a different file, config/initializers/session_store.rb. Simply create this file with the following code:
Change the key to what you previously set as :session_key, and set secret to your previous :secret value. Be sure to uncomment the last line if you're using the database as the session store. Also, be sure to delete all session code from environment.rb after you do this.
However, this still didn't do the trick for the main Rails app that I work on. I'm using ActiveRecord to store session data for this app - data is too sensitive to store in a cookie. After adding the file session_store.rb to config/initializers, data still wasn't getting stored in the session. This appears to be a bug in Rails 2.3.9, as evidenced by ticket #5581. I tried the patch that Mislav posted in the comments of the ticket, but the session still didn't work for me. So, it's back to Rails 2.3.5 for my main app. The ticket is closed, so it appears as if this has been fixed in the Rails code, but I'm not sure if/when a 2.3.10 version of Rails will be released.
8 comments:
Did you try the following patch? http://gist.github.com/570149
It works for me.
Yeah, I had tried that patch, but the session still didn't work.
Thank you for posting this. I did get the patch to work.
The patch did the trick for me. Thanks Jeff.
I initially couldn't get the patch to work, either, but I later discovered that it's critical that you run your -
# Set up session store using DB
ActionController::Base.session = {
:key => 'your key',
:secret => 'your secret'
}
ActionController::Base.session_store = :active_record_store
- lines BEFORE the patch. Check your load order. In my case, I just put the patch code into my config/initializers/session_store.rb BELOW my key and secret, and that worked nicely.
Thanks Dan
The order matters
Yes, thanks Dan. I had been trying to figure out for the last 45 minutes why the patch didn't fix my problem, but you are right, the order in which the initializers are loaded does matter. I'm not sure why more people didn't run into this issue.
It worked, many thanks!
Post a Comment