Project

General

Profile

Bug #14338

ActionDispatch::Cookies::CookieOverflow

Added by Brandon Weeks about 4 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Rails
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

When attempting to delete a smart proxy that has a large number of assigned hosts, ApplicationController#notice calls flash with a long string causing a cookie overflow. Everything that I can find indicates that with :active_record_store set as the session_store this shouldn't be happening.

2016-03-23 14:27:14 [app] [F]
 | ActionDispatch::Cookies::CookieOverflow (ActionDispatch::Cookies::CookieOverflow):
 |   actionpack (4.1.5) lib/action_dispatch/middleware/cookies.rb:471:in `[]='
 |   actionpack (4.1.5) lib/action_dispatch/middleware/session/cookie_store.rb:110:in `set_cookie'
 |   rack (1.5.2) lib/rack/session/abstract/id.rb:350:in `commit_session'
 |   rack (1.5.2) lib/rack/session/abstract/id.rb:226:in `context'
 |   rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/cookies.rb:560:in `call'
 |   activerecord (4.1.5) lib/active_record/query_cache.rb:36:in `call'
 |   activerecord (4.1.5) lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
 |   activesupport (4.1.5) lib/active_support/callbacks.rb:82:in `run_callbacks'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
 |   railties (4.1.5) lib/rails/rack/logger.rb:38:in `call_app'
 |   railties (4.1.5) lib/rails/rack/logger.rb:22:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/request_id.rb:21:in `call'
 |   rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
 |   rack (1.5.2) lib/rack/runtime.rb:17:in `call'
 |   activesupport (4.1.5) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
 |   actionpack (4.1.5) lib/action_dispatch/middleware/static.rb:64:in `call'
 |   rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
 |   railties (4.1.5) lib/rails/engine.rb:514:in `call'
 |   railties (4.1.5) lib/rails/application.rb:144:in `call'
 |   railties (4.1.5) lib/rails/railtie.rb:194:in `public_send'
 |   railties (4.1.5) lib/rails/railtie.rb:194:in `method_missing'
 |   rack (1.5.2) lib/rack/builder.rb:138:in `call'
 |   rack (1.5.2) lib/rack/urlmap.rb:65:in `block in call'
 |   rack (1.5.2) lib/rack/urlmap.rb:50:in `each'
 |   rack (1.5.2) lib/rack/urlmap.rb:50:in `call'
 |   /usr/lib/ruby/gems/1.8/gems/passenger-4.0.18/lib/phusion_passenger/rack/thread_handler_extension.rb:77:in `process_request'
 |   /usr/lib/ruby/gems/1.8/gems/passenger-4.0.18/lib/phusion_passenger/request_handler/thread_handler.rb:140:in `accept_and_process_next_request'
 |   /usr/lib/ruby/gems/1.8/gems/passenger-4.0.18/lib/phusion_passenger/request_handler/thread_handler.rb:108:in `main_loop'
 |   /usr/lib/ruby/gems/1.8/gems/passenger-4.0.18/lib/phusion_passenger/request_handler.rb:441:in `block (3 levels) in start_threads'
 |   logging (1.8.2) lib/logging/diagnostic_context.rb:323:in `call'
 |   logging (1.8.2) lib/logging/diagnostic_context.rb:323:in `block in create_with_logging_context'
 |
 |

Associated revisions

Revision 72f46ae9 (diff)
Added by Dominic Cleal about 4 years ago

fixes #14338 - move session store configuration earlier

When a plugin has an initializer relying on :build_middleware_stack, the
middleware stack is constructed with the default session store (cookies)
as the store hasn't been configured by config/initializers/ yet. Moving
the config into the main app config ensures it's set before the
middleware stack is first loaded.

Revision 540b67d5 (diff)
Added by Dominic Cleal about 4 years ago

fixes #14338 - move session store configuration earlier

When a plugin has an initializer relying on :build_middleware_stack, the
middleware stack is constructed with the default session store (cookies)
as the store hasn't been configured by config/initializers/ yet. Moving
the config into the main app config ensures it's set before the
middleware stack is first loaded.

(cherry picked from commit 72f46ae90c63d1b1b32a25a3b69276418400dbab)

History

#1 Updated by Dominic Cleal about 4 years ago

  • Category changed from Web Interface to Rails
  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

I can reproduce this when foreman_bootdisk is loaded, it seems the mount_engine initialiser (https://github.com/theforeman/foreman_bootdisk/blob/v6.1.0/lib/foreman_bootdisk/engine.rb#L13) triggers early construction of the Rails app middleware. When this happens, the config/initializers/session_store.rb initialiser hasn't been reached yet, so the default (cookie) session store is used.

You can see the problem by looking at the session (e.g. session.instance_variable_get(:@by)) or setting flash[:info] to a large value ('a'*5000).

#2 Updated by The Foreman Bot about 4 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3366 added

#3 Updated by Dominic Cleal about 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal about 4 years ago

  • Legacy Backlogs Release (now unused) set to 141

#5 Updated by Daniel Lobato Garcia about 4 years ago

  • Bugzilla link set to 740974

Also available in: Atom PDF