在Rails中,这可能会导致用户有其他用户的会话? [英] In Rails, what could cause a user to have another user's session?
问题描述
我有一个认证系统使用Rails应用程序中宁静的认证不作任何修改。
I have a Rails application using with an authentication system using Restful Authentication without any modification.
用户报告发现自己身份登录错误的用户。在至少一个情况下,它是在他们的第一个页面视图,从未登录之前。
Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before.
是否有可能他们的会话ID被混淆了?将切换到的CookieStore使它不可能为了做到这一点,因为没有会话数据存储在服务器上的这种方式?
我怀疑这个问题是关系到乘客,但我不知道从哪里开始调试这个。它仅在几个月被活所以它几乎不可能再现发生的4倍左右。
Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce.
环境:
ActiveRecord的会话存储
2.2.2的Rails
2.0.1乘客
阿帕奇2
红宝石1.8.6
Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6
非常感谢
推荐答案
我曾经经历过类似的问题,原因竟然是用户存储在一类变量,而不是实例变量。例如说,你验证/用户存储是这样的:
I once experienced a similar problem and the cause turned out to be that the user was stored in a class variable instead of an instance variable. Say for instance that you authenticate/store your user like this:
def current_user
User.current ||= ( login_from_session || login_by_password )
end
在这种情况下,用户将被保存在类,而不是实例和谁登录第一用户将存储在类和将传递到下一个用户会话为好。为了解决这个问题,这被更改为
In this case the user will be stored in the class and not the instance and the first user who login will be stored in the class and that will be passed over to the next users session as well. To solve it, this was changed to
def current_user
@current_user ||= ( login_from_session || login_by_password )
end
这当然只是众多可能性之一,但我会写都从会话中USER_ID并使用用户变量,到日志,看看是否有任何差异开始我排除故障。
This is of course only one of many possibilities but I would start my troubleshooting by writing both the user_id from the session and the user variable you use, to the log to see if there are any differences.
这篇关于在Rails中,这可能会导致用户有其他用户的会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
