0

In a Rails application, a lot of sessions have been created from time to time as the production database grew. As a workaround, I delete sessions from time to time. I would like to fix that problem, but I have no idea how to debug a situation like that. The session data is pretty small, so I could switch to cookie store, but this would not solve the problem. What is the best technique to debug a situation like that? And what could be the reason for a lot of new sessions created?

I am the only user of the application, it runs on a local virtual box, but could be seen by others. My context is:

  • Rails 4.0.0 (had not the time to upgrade lately)
  • SQLite3
  • ruby 1.9.3p547

After having asked the question, I had a meeting (so no active use of the Rails application), and when I came back, a query 

sqlite> select created_at, updated_at from sessions where updated_at > "2014-10-17";

showed the following result:

2014-10-17 07:49:56.202187|2014-10-17 07:49:56.202187
2014-10-17 07:50:26.039702|2014-10-17 07:50:26.039702
2014-10-17 07:50:56.043092|2014-10-17 07:50:56.043092
2014-10-17 07:51:26.057016|2014-10-17 07:51:26.057016
2014-10-17 07:51:56.163507|2014-10-17 07:51:56.163507
2014-10-17 07:52:26.071406|2014-10-17 07:52:26.071406
2014-10-17 07:52:56.191103|2014-10-17 07:52:56.191103
2014-10-17 07:53:26.070792|2014-10-17 07:53:26.070792

So there seems to be a regular schedule when requests lead to new sessions. How can I find the reason for that?

Update: I have integrated the logging from another answer and now the log entries match the session entries. Next step is to find the real sender. Is is more complicated, because I use vagrant and port forwarding, so all requests inside the Rails app come from the same machine (the host).

Community
  • 1
  • 1
mliebelt
  • 15,345
  • 7
  • 55
  • 92
  • are you using `devise` gem? – Sachin Singh Oct 17 '14 at 06:46
  • No, I don't. There is no authentication / authorization implemented in that Rails app. So everyone that knows the URL could use the application (but I have no signs seen that this happens). – mliebelt Oct 17 '14 at 07:53
  • My first guess would be those are robots or some script polling the website, especially as they are created evenly every 30 seconds. Try getting IPs of those requests. – BroiSatse Oct 17 '14 at 10:26

1 Answers1

0

I found the originator of the regular calls (by accident). I have noticed that when my Opera browser was closed, then there were no additional log entries all 30 seconds with a new session in it.

I dig a little deeper, and found, that the "Start page" from Opera contained as one of the entries the call to my Rails application. After having deleted that entry from the "Start page", there were no more sessions created any more.

So, solution for me is to not have a reference from the start page. I would never ever had thought that this could be the case :-(

mliebelt
  • 15,345
  • 7
  • 55
  • 92