I and some others have hit a bug where rfacebook 0.98 causes Rails to share sessions between multiple different
clients.
See this posting for other reports of the problem:
http://groups.google.ca/group/rubyonrails-talk/browse_thread/thread/e793facba9bfa0f0/9017569ae6e70cce?lnk=raot
I think I found the bug in session_extensions.rb.
Original code (excerpt):
    def session_id_available?(request) # :nodoc:
      # TODO: we should probably be checking the fb_sig...
      return (lookup_request_parameter(request, "fb_sig_in_canvas") or
              lookup_request_parameter(request, "fb_sig_is_ajax"))
    end
The problem is lookup_request_parameter returns "" (not nil) if it
does not find the param, so this is returning true even when
fb_sig_in_canvas and fb_sig_is_ajax are not present.
Here's the fix I jammed in -- don't know if this has unintended
consequences, but it did immediately solve the session reuse bug:
    def session_id_available?(request) # :nodoc:
      fb_sic = lookup_request_parameter(request, "fb_sig_in_canvas")
      fb_sia = lookup_request_parameter(request, "fb_sig_is_ajax")
      return ((fb_sic and (fb_sic.length > 0)) or
              (fb_sia and (fb_sia.length > 0)))
    end
Mike
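The truthiness problem described in the post above, as an added example that is not part of the original message or of rfacebook itself: in Ruby an empty string is truthy, so a check that returns `"" or ""` never reports "not available". The Hash-based request, the stand-in `lookup_request_parameter`, the `_original?`/`_patched?` method names and the sample requests are assumptions made for illustration.

```ruby
# Added illustration; not rfacebook source. The request is modelled as a Hash
# of parameters, and lookup_request_parameter is a stand-in that returns ""
# for a missing parameter, as the post reports.
def lookup_request_parameter(request, key)
  request.fetch(key, "")
end

# Check as quoted in the post: "" is truthy in Ruby, so this never returns
# a falsy value, whether or not the Facebook parameters are present.
def session_id_available_original?(request)
  lookup_request_parameter(request, "fb_sig_in_canvas") or
    lookup_request_parameter(request, "fb_sig_is_ajax")
end

# Check as patched in the post: a parameter counts only if it is non-empty.
def session_id_available_patched?(request)
  fb_sic = lookup_request_parameter(request, "fb_sig_in_canvas")
  fb_sia = lookup_request_parameter(request, "fb_sig_is_ajax")
  (fb_sic && fb_sic.length > 0) || (fb_sia && fb_sia.length > 0)
end

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = {
  "plain browser request" => {},
  "canvas request"        => { "fb_sig_in_canvas" => "1" },
  "ajax request"          => { "fb_sig_is_ajax" => "1" },
  "empty canvas param"    => { "fb_sig_in_canvas" => "" }
}

# Returns [label, original_result, patched_result] for each sample request,
# with both results coerced to true/false.
def compare_checks(requests = SAMPLE_REQUESTS)
  requests.map do |label, params|
    [label,
     session_id_available_original?(params) ? true : false,
     session_id_available_patched?(params) ? true : false]
  end
end

compare_checks.each do |label, original, patched|
  puts format("%-22s original=%-5s patched=%s", label, original, patched)
end
```

A regression test for this kind of predicate should include a request with neither parameter and one with the parameter present but empty, since those are the two cases where the checks disagree.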