5

I have the following code in my sessions_helper:

 def current_user
   @current_user ||= User.find_by_remember_token(cookies[:remember_token])
 end

This lets me call current_user from any controller to get the current User. (I'm using authentication from scratch similar to Railstutorial's or Railscasts).

I have an ajax request called lookup_result that checks the server to see if a specific result is ready.

 $.get("/lookup_result?id=<%=id%>");

It goes to the following controller method:

def lookup_result
  user = current_user
  # do things with user...
end

This usually works fine, but sometimes Rails fails to get the current_user. I suspect the problem is that the cookies or CSRF token fail to get passed through the ajax request on some occasions, but why does it usually work? How do I fix it so it always works?

Update:
I don't know how to replicate the error. Only signed-in users are able to access the page that sends that request (though someone could copy the ajax request into another browser that isn't signed in). I report the error with rollbar and save the request data.

This is the usual data for user-agent when current_user fails:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; ... )

This implies there's some issue with Internet Explorer sending the session info over Ajax. Anyone know how to fix this?

Below you can see all the data categories it returns, though it's empty for anything with "session" in it.

Timestamp
message.request_data.headers.Accept
message.request_data.headers.Accept-Encoding
message.request_data.headers.Accept-Language
message.request_data.headers.Cf-Connecting-Ip //(CF stands for cloudflare)
message.request_data.headers.Cf-Ipcountry
message.request_data.headers.Cf-Ray
message.request_data.headers.Cf-Visitor
message.request_data.headers.Connection
message.request_data.headers.Host
message.request_data.headers.User-Agent
message.request_data.headers.Version
message.request_data.headers.X-Forwarded-For
message.request_data.headers.X-Forwarded-Port
message.request_data.headers.X-Forwarded-Proto
message.request_data.headers.X-Request-Start
message.request_data.method
message.request_data.params.... //(various parameters are displayed)
...
message.request_data.session.defer //(all these session items are empty)
message.request_data.session.domain
message.request_data.session.expire_after
message.request_data.session.httponly
message.request_data.session.id
message.request_data.session.path
message.request_data.session.renew
message.request_data.session.secret
message.request_data.session.secure
message.request_data.url
message.request_data.user_ip
server.host

am-rails

2 Answers

1

The error never has any information about the account, IP address or browser.

If user is nil, of course no "account" :)

For the IP address and user agent, you should check them with the request.env object. Whether the user is present or not, the request information is still there.

Billy Chan
  • I added some info to Rollbar to view the Request information. I now see some errors originating from China, but I still don't know the cause. – am-rails Nov 14 '13 at 16:58
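One way to act on the request.env advice above, as an added example that is not code from the question or from either answer: a handler that returns 401 instead of failing when current_user would be nil, and records why authentication failed along with the user agent and IP. It is plain Ruby over a Rack-style env hash; USERS_BY_TOKEN, auth_status, diagnostics and the sample token are assumptions made for illustration.

```ruby
# Added example: plain Ruby over a Rack-style env hash, no Rails required.
require "json"

# Constructed sample data standing in for the users table.
USERS_BY_TOKEN = { "tok-alice-123" => { id: 1, name: "alice" } }.freeze

# Parse the Cookie request header into a hash of name => value.
def parse_cookies(env)
  env.fetch("HTTP_COOKIE", "").split(/;\s*/).each_with_object({}) do |pair, out|
    name, value = pair.split("=", 2)
    out[name.strip] = value.to_s unless name.nil? || name.strip.empty?
  end
end

# Classify why authentication failed so the error report is actionable.
def auth_status(env)
  return :no_cookie_header unless env.key?("HTTP_COOKIE")
  token = parse_cookies(env)["remember_token"]
  return :no_remember_token if token.nil? || token.empty?
  USERS_BY_TOKEN.key?(token) ? :ok : :unknown_token
end

# Diagnostic fields taken from the request itself; never the token value.
def diagnostics(env, status)
  {
    reason: status,
    user_agent: env["HTTP_USER_AGENT"],
    # Cf-Connecting-Ip is the Cloudflare header listed in the question.
    ip: env["HTTP_CF_CONNECTING_IP"] || env["REMOTE_ADDR"],
    xhr: env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest"
  }
end

# Hypothetical handler for /lookup_result: returns [status, headers, body].
def lookup_result(env, log: [])
  status = auth_status(env)
  headers = { "Content-Type" => "application/json" }
  unless status == :ok
    log << diagnostics(env, status)
    return [401, headers, [JSON.generate({ error: "not signed in" })]]
  end
  user = USERS_BY_TOKEN[parse_cookies(env)["remember_token"]]
  [200, headers, [JSON.generate({ user_id: user[:id] })]]
end
```

The reason field separates a request that arrived with no Cookie header at all from one that carried an unrecognized remember_token, which the empty session fields in the error report cannot show.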
1

It seems to be mainly a problem with Internet Explorer. According to other answers on StackOverflow, IE isn't good at passing session info if the URL has underscores in it! I'm going to change the URLs and see if that helps solve the problem. (Though the underscore was not in the domain name.)

No Session Cookies on Internet Explorer 9 AJAX requests
Internet Explorer ignores cookies on some domains (cannot read or set cookies)

(Update: Not clear if that helped.)

Community
am-rails