Open shleeable opened 4 years ago
Duplicating my comment from https://github.com/rack/rack/issues/1522 here, with some small updates to include ActiveRecord Session Store versions:
Rack 2.1.1, ActiveRecord Session Store 1.1.3
NoMethodError
undefined method `transform_keys' for #<ActionDispatch::Request::Session:0x00007fd3d0f3d170>
rack (2.1.1) lib/rack/session/abstract/id.rb:212:in `stringify_keys'
rack (2.1.1) lib/rack/session/abstract/id.rb:148:in `update'
rack (2.1.1) lib/rack/session/abstract/id.rb:317:in `prepare_session'
rack (2.1.1) lib/rack/session/abstract/id.rb:276:in `context'
rack (2.1.1) lib/rack/session/abstract/id.rb:271:in `call'
rack (2.1.1) lib/rack/urlmap.rb:77:in `block in call'
rack (2.1.1) lib/rack/urlmap.rb:61:in `each'
rack (2.1.1) lib/rack/urlmap.rb:61:in `call'
rack (2.1.1) lib/rack/builder.rb:176:in `call'
sidekiq (6.0.3) lib/sidekiq/web.rb:104:in `call'
sidekiq (6.0.3) lib/sidekiq/web.rb:109:in `call'
actionpack (6.0.2.1) lib/action_dispatch/routing/mapper.rb:19:in `block in <class:Constraints>'
actionpack (6.0.2.1) lib/action_dispatch/routing/mapper.rb:48:in `serve'
actionpack (6.0.2.1) lib/action_dispatch/journey/router.rb:49:in `block in serve'
actionpack (6.0.2.1) lib/action_dispatch/journey/router.rb:32:in `each'
actionpack (6.0.2.1) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.2.1) lib/action_dispatch/routing/route_set.rb:837:in `call'
meta_request (0.7.2) lib/meta_request/middlewares/app_request_handler.rb:13:in `call'
meta_request (0.7.2) lib/meta_request/middlewares/meta_request_handler.rb:13:in `call'
rack-attack (6.2.1) lib/rack/attack.rb:156:in `call'
remotipart (1.4.3) lib/remotipart/middleware.rb:32:in `call'
warden (1.2.8) lib/warden/manager.rb:36:in `block in call'
warden (1.2.8) lib/warden/manager.rb:34:in `catch'
warden (1.2.8) lib/warden/manager.rb:34:in `call'
rack (2.1.1) lib/rack/tempfile_reaper.rb:17:in `call'
rack (2.1.1) lib/rack/etag.rb:27:in `call'
rack (2.1.1) lib/rack/conditional_get.rb:27:in `call'
rack (2.1.1) lib/rack/head.rb:14:in `call'
actionpack (6.0.2.1) lib/action_dispatch/http/content_security_policy.rb:18:in `call'
rack (2.1.1) lib/rack/session/abstract/id.rb:277:in `context'
rack (2.1.1) lib/rack/session/abstract/id.rb:271:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/cookies.rb:648:in `call'
activerecord (6.0.2.1) lib/active_record/migration.rb:567:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.2.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.2.1) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
rack-contrib (2.1.0) lib/rack/contrib/response_headers.rb:17:in `call'
meta_request (0.7.2) lib/meta_request/middlewares/headers.rb:16:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.0.2.1) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.2.1) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.0.2.1) lib/active_support/tagged_logging.rb:80:in `block in tagged'
activesupport (6.0.2.1) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (6.0.2.1) lib/active_support/tagged_logging.rb:80:in `tagged'
railties (6.0.2.1) lib/rails/rack/logger.rb:26:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
request_store (1.4.1) lib/request_store/middleware.rb:19:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.1.1) lib/rack/method_override.rb:24:in `call'
rack (2.1.1) lib/rack/runtime.rb:24:in `call'
rack-attack (6.2.1) lib/rack/attack.rb:170:in `call'
activesupport (6.0.2.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/static.rb:126:in `call'
rack (2.1.1) lib/rack/sendfile.rb:113:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
webpacker (4.2.2) lib/webpacker/dev_server_proxy.rb:23:in `perform_request'
rack-proxy (0.6.5) lib/rack/proxy.rb:57:in `call'
railties (6.0.2.1) lib/rails/engine.rb:526:in `call'
puma (4.3.1) lib/puma/configuration.rb:228:in `call'
puma (4.3.1) lib/puma/server.rb:681:in `handle_request'
puma (4.3.1) lib/puma/server.rb:472:in `process_client'
puma (4.3.1) lib/puma/server.rb:328:in `block in run'
puma (4.3.1) lib/puma/thread_pool.rb:134:in `block in spawn_thread'
Rack master (https://github.com/rack/rack/commit/01556901e519159982c28a8511b18ffb22f0454d), ActiveRecord Session Store 1.1.3
TypeError
can't cast Rack::Session::SessionId
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/quoting.rb:34:in `rescue in type_cast'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/quoting.rb:24:in `type_cast'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/quoting.rb:203:in `block in type_casted_binds'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/quoting.rb:203:in `map'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/quoting.rb:203:in `type_casted_binds'
activerecord (6.0.2.1) lib/active_record/connection_adapters/postgresql_adapter.rb:682:in `exec_cache'
activerecord (6.0.2.1) lib/active_record/connection_adapters/postgresql_adapter.rb:655:in `execute_and_clear'
activerecord (6.0.2.1) lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `exec_query'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/database_statements.rb:491:in `select_prepared'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/database_statements.rb:68:in `select_all'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/query_cache.rb:105:in `block in select_all'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/query_cache.rb:123:in `block in cache_sql'
/Users/alex/.rbenv/versions/2.6.5/lib/ruby/2.6.0/monitor.rb:235:in `mon_synchronize'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/query_cache.rb:114:in `cache_sql'
activerecord (6.0.2.1) lib/active_record/connection_adapters/abstract/query_cache.rb:105:in `select_all'
activerecord (6.0.2.1) lib/active_record/querying.rb:46:in `find_by_sql'
activerecord (6.0.2.1) lib/active_record/relation.rb:810:in `block in exec_queries'
activerecord (6.0.2.1) lib/active_record/relation.rb:828:in `skip_query_cache_if_necessary'
activerecord (6.0.2.1) lib/active_record/relation.rb:797:in `exec_queries'
activerecord (6.0.2.1) lib/active_record/relation.rb:615:in `load'
activerecord (6.0.2.1) lib/active_record/relation.rb:250:in `records'
activerecord (6.0.2.1) lib/active_record/relation.rb:245:in `to_ary'
activerecord (6.0.2.1) lib/active_record/relation/finder_methods.rb:528:in `find_nth_with_limit'
activerecord (6.0.2.1) lib/active_record/relation/finder_methods.rb:513:in `find_nth'
activerecord (6.0.2.1) lib/active_record/relation/finder_methods.rb:120:in `first'
activerecord-session_store (1.1.3) lib/active_record/session_store/session.rb:58:in `find_by_session_id'
activerecord-session_store (1.1.3) lib/action_dispatch/session/active_record_store.rb:124:in `block in get_session_model'
activerecord-session_store (1.1.3) lib/active_record/session_store/extension/logger_silencer.rb:47:in `silence_logger'
activerecord-session_store (1.1.3) lib/action_dispatch/session/active_record_store.rb:123:in `get_session_model'
activerecord-session_store (1.1.3) lib/action_dispatch/session/active_record_store.rb:83:in `block in write_session'
activerecord-session_store (1.1.3) lib/active_record/session_store/extension/logger_silencer.rb:47:in `silence_logger'
activerecord-session_store (1.1.3) lib/action_dispatch/session/active_record_store.rb:82:in `write_session'
rack (01556901e519) lib/rack/session/abstract/id.rb:396:in `commit_session'
rack (01556901e519) lib/rack/session/abstract/id.rb:276:in `context'
rack (01556901e519) lib/rack/session/abstract/id.rb:268:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/cookies.rb:648:in `call'
activerecord (6.0.2.1) lib/active_record/migration.rb:567:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.2.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.2.1) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
rack-contrib (2.1.0) lib/rack/contrib/response_headers.rb:17:in `call'
meta_request (0.7.2) lib/meta_request/middlewares/headers.rb:16:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.0.2.1) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.2.1) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.0.2.1) lib/active_support/tagged_logging.rb:80:in `block in tagged'
activesupport (6.0.2.1) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (6.0.2.1) lib/active_support/tagged_logging.rb:80:in `tagged'
railties (6.0.2.1) lib/rails/rack/logger.rb:26:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
request_store (1.4.1) lib/request_store/middleware.rb:19:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (01556901e519) lib/rack/method_override.rb:24:in `call'
rack (01556901e519) lib/rack/runtime.rb:24:in `call'
rack-attack (6.2.1) lib/rack/attack.rb:170:in `call'
activesupport (6.0.2.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/static.rb:126:in `call'
rack (01556901e519) lib/rack/sendfile.rb:113:in `call'
actionpack (6.0.2.1) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
webpacker (4.2.2) lib/webpacker/dev_server_proxy.rb:23:in `perform_request'
rack-proxy (0.6.5) lib/rack/proxy.rb:57:in `call'
railties (6.0.2.1) lib/rails/engine.rb:526:in `call'
puma (4.3.1) lib/puma/configuration.rb:228:in `call'
puma (4.3.1) lib/puma/server.rb:681:in `handle_request'
puma (4.3.1) lib/puma/server.rb:472:in `process_client'
puma (4.3.1) lib/puma/server.rb:328:in `block in run'
puma (4.3.1) lib/puma/thread_pool.rb:134:in `block in spawn_thread'
Let me know if I can provide any additional information 😄
Running into this issue as well - seems like it would be fairly widespread at this point but odd no one else has chimed in. This is an issue for me in a standard Rails application but not in a Rails API-only application.
Update: I was able to resolve my issue by modifying my config/initializers/session_store.rb code to the following:
Rails.application.config.session_store :active_record_store, key: '.....
It had originally been the following, which had worked for my Rails API-only application.
Rails.application.config.middleware.use ActionDispatch::Cookies
Rails.application.config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::ActiveRecordStore, key: '...
@jskirst I have the same thing as you and it doesn't fix my issue.
Any update on this issue?
We are hitting this as well after upgrading to 2.0 of this gem. In our case, we have middleware for fast autocomplete/typeahead functionality.
We look up the session with:
session = ActiveRecord::SessionStore::Session.find_by_session_id( request.cookies[session_key] )
request.cookies[session_key] is different than what is in the session_id in the database and so the above no longer works.
However, we were able to solve it with:
sid = Rack::Session::SessionId.new( request.cookies[session_key] )
sid.public_id # maps to what is stored in the cookie, obvs
sid.private_id # maps to what is stored in the database
session = ActiveRecord::SessionStore::Session.find_by_session_id( sid.private_id )
I don't know if this is the best, most idiomatic way to solve this but it works for us for now.
The issue on master mentioned by @kaoru probably needs to be fixed in activerecord-session-store. It should now store and look up the private_id of the session_id object in the database. The previous way of looking up the session directly using the session_id is prone to a timing attack, which is the reason rack's API was changed.
Originally posted by @jeremyevans in https://github.com/rack/rack/issues/1522#issuecomment-578800357
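The lookup change discussed in this thread, as an added example that is not part of the original issue or of either gem's code. `DemoSessionId` and `DemoSessionTable` are hypothetical stand-ins, and the `2::` plus SHA-256 derivation of the private id is this example's assumption about Rack's behaviour. It shows why a lookup by the raw cookie value finds nothing once rows are keyed by `private_id`, and how normalizing either a cookie string or a session-id object to a String key avoids passing an object to the database layer.

```ruby
require 'digest'

# Hypothetical stand-in for Rack::Session::SessionId (runs without the rack gem).
# Assumption: the private id is a version prefix plus SHA-256 of the cookie value.
class DemoSessionId
  attr_reader :public_id

  def initialize(public_id)
    @public_id = public_id
  end

  def private_id
    "2::#{Digest::SHA256.hexdigest(public_id)}"
  end
end

# Constructed in-memory substitute for the sessions table (session_id => data).
class DemoSessionTable
  attr_reader :rows

  def initialize
    @rows = {}
  end

  # Accepts a cookie string or a session-id object and always returns a String
  # key, so an object is never handed to the database layer as a bind value.
  def key_for(sid)
    sid = DemoSessionId.new(sid) if sid.is_a?(String) && !sid.empty?
    sid.respond_to?(:private_id) ? sid.private_id : nil
  end

  def write(sid, data)
    key = key_for(sid) or raise ArgumentError, 'missing session id'
    @rows[key] = data
  end

  # Pre-upgrade style: the raw cookie value is matched against stored keys.
  def find_by_raw_cookie(cookie_value)
    @rows[cookie_value]
  end

  # Post-upgrade style: hash first, then fetch by the derived key.
  def find(sid)
    key = key_for(sid)
    key && @rows[key]
  end
end

COOKIE = 'c0ffee' * 5 # constructed sample cookie value
TABLE = DemoSessionTable.new
TABLE.write(COOKIE, { 'user_id' => 42 })
```

Because the stored key is a digest of the cookie, the table comparison operates on the digest rather than on the secret the client presents, and the stored rows do not contain a value that can be replayed as a cookie.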