Users take sessions of other users when sessions are stored in memcached (Rails)?

I've seen this and found it very difficult to debug.

Up vote 6 down vote favorite 5 share g+ share fb share tw.

I have a very weird problem, when storing my session in Memcached. From time to time some users takes the session of others. E.g.

John, becomes logged in as Maria, Maria as Chris and so on. I use Rails 2.3.4, but the same problem has been happening with earlier versions of Rails. I use only one Memcache server and it's running on the same machine.

The problem with debugging this is that I can not reproduce it. I'll be very glad if anybody can guide me how to solve this problem or debug it. I'll be also happy if you are using Memcached for sessions and you share your example confgs.

These are my configurations: # memcache options memcache_options = { :c_threshold => 10_000, :compression => false, :debug => false, :namespace => 'app_prod', :readonly => false, :urlencode => false, } memcache_servers = 'localhost:11211' CACHE = MemCache. New(memcache_options) CACHE. Servers = memcache_servers config.

Cache_store = :mem_cache_store, memcache_servers, memcache_options config. Action_controller. Session_store = :mem_cache_store config.

Action_controller. Session = { :session_key => '_appname', :cache => CACHE, # :expires => 10, # :session_expires => 10, :secret => '5391aaaaaaaaaa56f8e8234beb638b97b32bbbbbbbbbbcc9dcae2beccccccccc89e8b508328def001a368da0678b061eb0e9d5a82a5ac94c8d35bd31a9a49e1' } Thank you in advance, Stan ruby-on-rails session memcached link|improve this question edited Oct 27 '09 at 19:52Jeremy Stein4,99351734 asked Oct 6 '09 at 8:01Stanislav574211 64% accept rate.

I've seen this and found it very difficult to debug. If you're using passenger, you may want to look at using the conservative method for spawning new servers. The default method has servers sharing a single socket to memcache.

The docs discuss it in more detail. modrails.com/documentation/Users%20guide....

Yes, I use Passenger. I'll test it on both my applications and will share the results here. Thank you a lot for your help.

I can "smell" that the problem is here. – Stanislav Oct 15 '09 at 11:07 I envy your nose but I'd not flag the answer as correct until the result is verified – zvolkov Oct 27 '09 at 20:01.

This could be a problem with the session cookie flipping between two values. For example, you might have one assigned to example.com and another to www. Example.com, a common situation with some sites that respond to both without redirecting to make one canonical.

The behavior of some browsers is to send the cookie matching the longest subdomain, whereas others actually send through both values, and they may differ. This could lead to a session toggling between two different values at unpredictable times. One way to fix this is to lock your cookies to .

Domain.com instead of letting it assume the www or www-less version, if this is the case, or redirecting to force the use of one only. Another way to diagnose the nature of the session situation is to have a debugging page that displays the session ID, or embed it in the page output somehow so someone who encounters the problem can help in diagnosing it. Something like /session_info is easy to create.

OK, I have this config option: ActionController::Base. Session_options:session_domain = '.mysite. Com' I think this config option means that the application will have to use one session for all subdomains including the main (mysite.com) .

Also, can you give a further advice what I could do if I see the session_id of a problematic User? – Stanislav Oct 7 '09 at 14:17 That's the way to set the cookie properly, so that much should be working. If you want to get adventuresome, you can look through the production.

Log file for which session_id values are used. Usually when one user flips to another it's because sessions are getting mixed up. If that's not the case, at least you can focus your search in other areas.

– tadman Oct 7 '09 at 15:15 Yes, I think that the sessions are getting mixed up and I'm lookin for a solution of this problem. – Stanislav Oct 7 '09 at 15:25.

I never ran into such a problem before, I just can't imagine that it's even happening. This is my conf: require 'memcache' memcache_options = { :c_threshold => 10_000, :compression => true, :debug => false, :namespace => "app-me", :readonly => false, :urlencode => false } memcache_servers = "#{MEMCACHED_HOST}:#{MEMCACHED_PORT}" CACHE = MemCache. New memcache_options CACHE.

Servers = memcache_servers ActionController::Base. Session_options:expires = 1800 ActionController::Base. Session_options:cache = CACHE # Inside the Rails initializer config.

Action_controller. Session_store = :mem_cache_store.

Well as you can see, the only difference with my memcache_options is that I don't use :compression. However I don't think it should be a problem. In both apps that have problems with the session I've configured such redirects: mysite.com" rel="nofollow">mysite.com => mysite.com" rel="nofollow">mysite.com .

Do you have domain/subdomain redirects with yours? – Stanislav Oct 7 '09 at 14:21.

Here it is the code that resolves the problem for me: I added these lines at the end of environment. Rb if defined?(PhusionPassenger) PhusionPassenger. On_event(:starting_worker_process) do |forked| if forked CACHE.

Reset if Rails.cache. Class == ActiveSupport::Cache::MemCacheStore Rails.cache. Instance_variable_get(:@data).

Reset end end end end.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.