为什么Ruby on Rails有时会在每次点击时创建新的Session? [英] Why does Ruby on Rails create new Sessions on every hit (sometimes)?
问题描述
由于某种原因,我的RoR应用程序中的会话处理程序对于许多用户来说似乎在生产中表现得很奇怪。我正在使用默认的RoR ActiveRecord会话存储,在开发过程中一切正常。只要我保持浏览器处于打开状态,每次修改会话时都会更新一个现有的数据行,就像您希望会话能够正常工作一样。当转到生产服务器时,我个人观察到相同的行为。但是,在数据库中查看时,我在此屏幕快照中看到很多行:
for some reason, the session handler in my RoR application seems to act weird in production for many users. I am using the default RoR ActiveRecord Session Store and in development everything works just fine. As long as I keep the browser open, one existing data row is being updated every time I modify the session, just like you'd expect sessions to work. When going to the production server, I personally observe the same behavior. However, when looking in the database, I see very many rows like on this screenshot:
http://imageshack.us/f/191/screenshot20110527at832.png/ (很抱歉,由于我是新用户,所以我不能在此处直接包含图像)
http://imageshack.us/f/191/screenshot20110527at832.png/ (Sorry, but I cannot include images here directly since I am a new user)
该网站包含在另一个网站的iframe中,并具有一个调度程序,该调度程序将根据某些会话数据将用户(重定向至)发送到同一控制器中的另一个操作,即对于所有用户,相同的网址(mydomain.com/dispatcher)将包含在iframe中。然后,映射到该URL的操作将基于session [:current_action]决定将用户重定向到的位置。
The website is included in an iframe on another website and has a dispatcher, which will send (redirect_to) the user to another action in the same controller based on some session data, i.e. for all users, the same URL (mydomain.com/dispatcher) will be included in an iframe. The action mapped to this URL will then decide where to redirect the user to based based on session[:current_action].
该网站几乎没有任何流量,因此实际上不可能有任何流量。每秒有10个不同的用户向网站提出请求。实际上,我在production.log中可以看到 在被重定向时,用户具有不同的session_id,例如当访问调度程序时,用户可能具有特定的sessionid,并且在请求实际的目标操作时(由于调度程序中redirect_to的结果),会话id将更改为其他名称。此外,大多数会话数据行(> 16000个数据行中的97.5%以上)的生存时间为0秒(即created_at等于Updated_at)。
The website barely has any traffic, so there is no way that there are actually approx. 10 distinct users making a request to the website every second. In fact, I can see in the production.log that while being redirected, the users have different session_ids, e.g. when visiting the dispatcher, the user may have a particular sessionid and when requesting the actual target action (as a consequence of the redirect_to in the dispatcher), the sessionid will have changed to something else. Furthermore, most (>= 97.5% of more than 16000 data rows) of the session data rows have a 'lifetime' of 0 seconds (i.e. created_at equals updated_at).
您知道什么可能导致此问题吗?
Do you have any idea what could cause this problem?
redirect_to调用是否有可能破坏RoR会话处理?
Is there any chance that redirect_to calls mess up the RoR session handling?
非常感谢您的想法!
推荐答案
事实证明存在两个问题:
It turns out there were two problems:
-
Internet Explorer中的第三方Cookie:由于该网站包含在iframe中,因此所有IE(IE6-IE9)都会阻止Cookie包括会话cookie。此后,将在每次重定向时为用户提供一个新的session_id。
Third-Party cookies in Internet Explorer: Because the site was included in an iframe, all IEs (IE6-IE9) would block cookies including the session cookie. Following this, the user would be provided with a new session_id on every redirect.
此外,在Rails中的会话存储之间进行切换时(例如在Cookie和ActiveRecord会话之间)商店),所有现有会话都应删除/过期。否则,RoR将生成巨大的session_id,如以下SQL语句中所示:
Furthermore, when switching between session storages in Rails (e.g. between Cookie and ActiveRecord Session Store), all existing sessions should be deleted/expired. Otherwise, RoR will generate huge session_ids, like in the following SQL statement:
{:sql => INSERT INTO
会话(session_id,数据,created_at,的updated_at)VALUES( 'BAh7CUkiD3Nlc3Npb25faWQGOgZFRiIlZmRhMzRjMzdiOWU0YjhhMzIyNGU0Y2IwOWZiN2E4YTJJIgptdHVyawY7AEZ7CToSYXNzaWdubWVudF9pZEkiIEFTU0lHTk1FTlRfSURfTk9UX0FWQUlMQUJMRQY7AFQ6C2hpdF9pZEkiIzJRRzhUTktJTVpTTVU4U1ZSR0ZNNVBHVjRNTFlCRQY7AFQ6Dndvcmtlcl9pZEkiE0ExQzdBNFFYUE5DOTRDBjsAVDoPc3VibWl0X3VybEkiGmh0dHBzOi8vd3d3Lm10dXJrLmNvbQY7AFRJIhVza2lwcGVkX3Rhc2tfaWRzBjsARlsGaQBJIhBfY3NyZl90b2tlbgY7AEZJIjFvbHJiK2tSaDZ1dDhyZ011VmUyZnZrY01wWWFuQll6cVY1YWZ4M0c1QkhFPQY7AEY = - a4223802cfb90e6c75578cc1a27427cf96778598', 'BAh7B0kiCm10dXJrBjoGRUZ7AEkiEmlzX2Rpc3BhdGNoZWQGOwBGVA == \\\
',2011-05-28五时47分19秒','2011-05-28 05:47:19')
{:sql=>"INSERT INTO
sessions(session_id,data,created_at,updated_at) VALUES ('BAh7CUkiD3Nlc3Npb25faWQGOgZFRiIlZmRhMzRjMzdiOWU0YjhhMzIyNGU0Y2IwOWZiN2E4YTJJIgptdHVyawY7AEZ7CToSYXNzaWdubWVudF9pZEkiIEFTU0lHTk1FTlRfSURfTk9UX0FWQUlMQUJMRQY7AFQ6C2hpdF9pZEkiIzJRRzhUTktJTVpTTVU4U1ZSR0ZNNVBHVjRNTFlCRQY7AFQ6Dndvcmtlcl9pZEkiE0ExQzdBNFFYUE5DOTRDBjsAVDoPc3VibWl0X3VybEkiGmh0dHBzOi8vd3d3Lm10dXJrLmNvbQY7AFRJIhVza2lwcGVkX3Rhc2tfaWRzBjsARlsGaQBJIhBfY3NyZl90b2tlbgY7AEZJIjFvbHJiK2tSaDZ1dDhyZ011VmUyZnZrY01wWWFuQll6cVY1YWZ4M0c1QkhFPQY7AEY=--a4223802cfb90e6c75578cc1a27427cf96778598', 'BAh7B0kiCm10dXJrBjoGRUZ7AEkiEmlzX2Rpc3BhdGNoZWQGOwBGVA==\n', '2011-05-28 05:47:19', '2011-05-28 05:47:19')
结果,MySQL截断了 session-id 以适合255个字符(Rails会话迁移后的默认列规范)。因此,在以下请求下,Rails尝试使用(非常长的) session_id (当然没有成功)恢复会话。
As a result, MySQL truncated the session-id to fit in the 255 chars (default column specification after the rails session migration). Consequently, on the following request, rails tried to recover the session using the (extremely long) session_id - of course without success.
我尝试通过添加以下HTTP响应标头来解决IE问题:
I tried to fix the IE issue by adding the following HTTP Response header:
response.header["P3P"] = 'CP="CAO PSA CONi OTR OUR DEM ONL"'
但是,似乎没有正常工作,这就是为什么我要重写该应用程序使其完全没有任何会话信息的原因。不过,任何进一步的提示将不胜感激,以供将来参考。
However, that does not seem to work, which is why I am rewriting the app to work without any session information at all. Still, any further hints would be appreciated for future reference.
这篇关于为什么Ruby on Rails有时会在每次点击时创建新的Session?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
