redis-store / redis-rack Goto Github PK
View Code? Open in Web Editor NEWRedis session store for Rack
Home Page: http://redis-store.org/redis-rack
License: MIT License
Redis session store for Rack
Home Page: http://redis-store.org/redis-rack
License: MIT License
I've implemented the redis rack with azure redis. The expectation was the session token will be invalid once the user is logout since the session is stored in the redis. But that didn't happen. I'm still able to use the session token in the postman request even after logout and getting the correct response.
Please let me know if i miss anything
Can we get a new gem version published including #11 ?
Greetings, I'm trying to setup a redis session store on Heroku, but want to specify the ssl_params
option in connecting to Redis. I'm able to make a connection with a regular redis://
connection but not with rediss://
.
The following works with a plain Redis gem connection:
redis = Redis.new(
url: @config.REDIS_TLS_URL,
ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }
)
I wished to do something similar with redis-rack
:
use Rack::Session::Redis,
expire_after: ONE_MONTH,
redis_server: config.REDIS_TLS_URL,
ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }
However, the connection is failing and suggests that the ssl_params is not being found:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
/Users/soumyaray/.rbenv/versions/3.0.1/lib/ruby/gems/3.0.0/gems/redis-4.2.5/lib/redis/connection/ruby.rb:260:in `connect_nonblock'
# rest of traceback removed
Hello @tubbo
if you could release 1.6.1 with this small fix
this is all I need to use redis-activesupport 5.0.2 and all the redis-* 5.x on a rails 4.2 app
this is what I am using now
gem 'redis', '~> 3.1.0'
gem 'redis-store', '~> 1.3.0'
gem 'redis-activesupport', '~> 5.0.2'
gem 'redis-actionpack', '~> 5.0.1'
gem 'redis-namespace'
gem 'redis-rails', '~> 5.0.2'
gem 'redis-rack', github: 'venuenext/redis-rack', branch: '1.6.x'
gem 'redis-rack-cache'
thanks
In redis-store/redis-actionpack#22, an issue occurred in an unrelated gem because the ActionDispatch::Session::RedisStore
class is not inheriting from AbstractStore
, but still mixing in all of its functionality. To allow the redis session store to become identified as a canonical session store, move the functionality from Rack::Session::Redis
into modules, and include those modules into the former base class. This will allow ActionDispatch::Session::RedisStore
to inherit from ActionDispatch::Session::AbstractStore
and preserve the functionality from Rack::Session::Redis
.
The use of Rack:Session::Abstract::ID
is deprecated and should be replaced with Rack::Session::Abstract::Persisted
.
See: rack/rack@4224c02
Would be great if this could be updated in a new release to ensure compatibility with newer versions of Rack.
transactional_write_session
in 2.1.0+ merges stored sessions with the session being written. This means that the session can't remove keys!
Functionally, in my Rails 5.2 app, this means that the flash
is never disappearing. In the course of a normal request, the flash stored in the session is consumed, and Rails, finding no further flash to store, deletes the flash key from session, but because redis-rack can't persist the session with the removed "flash" key, the flash is read from the existing store and merged into the payload written, effectively preserving it indefinitely.
Here's a simple test to illustrate the issue. Just add it into test/rack/session/redis_test.rb
:
it "doesn't persist keys that don't exist in the incoming session" do
app = lambda do |env|
req = Rack::Request.new(env)
req.session[req.params["add"]] = true if req.params["add"]
req.session.delete req.params["remove"] if req.params["remove"]
Rack::Response.new(env["rack.session"].inspect).to_a
end
with_pool_management(app) do |pool|
req = Rack::MockRequest.new(pool)
res = req.get("/?add=foo")
cookie = res["Set-Cookie"]
session_id = cookie[session_match, 1]
sid = Rack::Session::SessionId.new(session_id)
session = pool.with { |c| c.get(sid.private_id) }
session.must_equal("foo" => true)
res = req.get("/?add=bar", "HTTP_COOKIE" => cookie)
session = pool.with { |c| c.get(sid.private_id) }
session.must_equal("foo" => true, "bar" => true)
res = req.get("/?remove=foo", "HTTP_COOKIE" => cookie)
session.must_equal("bar" => true) # <-- The test will fail here: the payload is {"foo" => true, "bar" => true}
end
end
Here is how i implemented in a sinatra application:
redis_options = {
host: hostname,
port: port,
password: password,
db: 1,
ssl: true
}
use Rack::Session::Redis, redis_server: redis_options, expire_after: 86400
But the token, it's generation is same even after the logout for a user. This seems to me a security threat. Can please help me if missing on any configuration part.
Error caused whenever the session is accessed:
ArgumentError - wrong number of arguments (given 3, expected 2):
redis (3.2.2) lib/redis.rb:750:in setnx' () Users/jblake/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/bundler/gems/redis-rack-83a7b7b895bb/lib/rack/session/redis.rb:39:in
block (2 levels) in generate_unique_sid'
This is what I setup:
redis_conn = proc {
Redis.new(url: ENV.fetch('REDIS_URL'))
}
$redis = ConnectionPool.new(size: ENV.fetch('REDIS_POOL', 5), &redis_conn)
uri = URI.parse(ENV.fetch('REDIS_URL'))
Rails.application.config.session_store :redis_store, {
servers: {
host: uri.host,
port: uri.port || nil,
password: uri.password,
namespace: 'sessions'
},
domain: :all,
tld_length: 2,
namespace: :session,
pool: $redis
}
Looking at the source code, if I were to pass a pool_size instead, you use the Redis Factory to create the redis instance, whereas I'm using Redis.new
. Maybe this is an incompatibility, I don't know, all I know is that I want to share the same ConnectionPool for my session store and sidekiq client (I think this is a good idea?)
Sidekiq.configure_client do |config|
config.redis = $redis
end
Hi,
Thank you for your great work.
redis-store is now 1.4.0, but redis-rack/redis-actionpack/redis-activesupport still requires 1.3.0, when will these gems be released?
Thanks.
Hi, I am packaging redis-rack for debian and whule running the tests, I am getting an error.
The full log is given here - http://pastebin.com/vRcnBFQr
Can you help me solve this?
When upgrading the various redis-* gems recently, I ran into a problem where the contents of the session appears to get mangled when signing in via Devise. I've tried to narrow this down further, but I'm not familiar enough with the session internals to get to the bottom.
My best reproduction was creating a brand new Rails app. Add devise, redis, and redis-rails. Make a session_store initializer:
Rails.application.config.session_store :redis_store, key: '_my_session', signed: true, expire_after: 1.week
Make the ApplicationController be:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user!
end
Make a root route and attempt to sign up on the website.
redis-rack: 2.1.2, redis-actionpack: 5.2.0
The authenticity token fails to match.
If you downgrade to redis-rack: 2.0.6, redis-actionpack: 5.1.0
All of the devise actions work.
I have uploaded my demo app here: https://github.com/BoboFraggins/redis-rack-error
I know I can set key prefix by adding it after db number of redis url.
Redis::Rack::Connection.new(redis_server: 'redis://localhost/0').store.set('baz', 'aaaa')
# => key is "baz"
Redis::Rack::Connection.new(redis_server: 'redis://localhost/0/foobar').store.set('baz', 'aaaa')
# => key is "foobar:baz"
But it is not a valid redis url in https://www.iana.org/assignments/uri-schemes/prov/redis .
(There is no leading string after db-number in url path)
I find why key prefix works by reading your source:
Redis::Rack::Connection
gives only redis_server
value option to Redis::Store::Factory
.
https://github.com/redis-store/redis-rack/blob/v2.1.3/lib/redis/rack/connection.rb#L34-L36
redis-store/redis-store
parses given url, use namespace as key prefix.
https://github.com/redis-store/redis-store/blob/v1.9.0/lib/redis/store/factory.rb#L72-L84
Is it a valid specification of redis-store
, which keeping in future version?
Otherwise, can you give a namespace (or key prefix) option to carry it to redis-store?
Hi there! Any plans to support it?
Thank you!
Need help clearing up the following
I'm using redis-rack with Hanami and Hanami model.
Currently I'm storing the entire user as session[current_user] = user
which returns all the user data in the array of hashes as shown below. I've left some of the data out for brevity. The problem is, that I can't parse the data below due to the following:
The time is not formatted as string: "session_start_time"=>2018-03-29 09:48:04 +0200
=> I guess I can fix this when setting the time.
The comment sign: "current_user"=>#1
And the greater than and curly braces >}
What I've also noticed is that after I clear the session in the logout action like session.clear
there are still references to that session as seen in the empty hashes below.
[ {
"_csrf_token"=>"token",
"LOCK"=>"Off",
"session_start_time"=>2018-03-29 09:48:04 +0200,
"__last_request_id"=>"fa7b2343a245e7d80455bd56dfe0b665",
"__flash"=>{
"bb3eab2445e49b7d32b33552f3b7a1ef"=>{:success_notice=>"Login successful."},
"fa7b2343a245e7d80455bd56dfe0b665"=>{}
},
"current_user"=>#1,
:name=>"my_name",
:surname=>"my_surname",
:email=>"[email protected]" }>},
{},
{ "__flash"=>{ "0ae1af60026095a75b99902b2bb3b755"=>{:success_notice=>"Logout successful."}, "37858ee72e55d2e307e53732209cc4df"=>{} },
"__last_request_id"=>"37858ee72e55d2e307e53732209cc4df",
"_csrf_token"=>"token",
"LOCK"=>"Off" },
{},
{} ]
Hi, I'm not sure that I'm testing the right thing, and perhaps I'm not understanding the correct behavior, but I don't think that this gem is setting an expiration on the keys that it stores in redis.
If I setup a simple app with the following settings:
$redis = ConnectionPool.new(size: 25, timeout: 3) do
Redis.new(url: 'redis://localhost)
end
use Rack::Session::Redis, pool: $redis, key: 'session',
expires_in: 3600 # 1 hour
And then issue a request:
curl -sI http://localhost:9292 | grep Set-Cookie
Set-Cookie: session=d80dcc50e63c454dc467d3cc703e84f514b790f5ef6c20bbbb7f18be2c22cce5; path=/; HttpOnly
And then ask redis what the ttl is for the associated key:
127.0.0.1:6379> ttl d80dcc50e63c454dc467d3cc703e84f514b790f5ef6c20bbbb7f18be2c22cce5
(integer) -1
There is no TTL set on the key, but I think that there should be, no? Or am I misunderstanding how the expires_in
option works?
Cheers
I am reluctant to bring this up but I don't even know where to begin with this issue.
My terminology is wrong, too. I guess gems are invoked by shell scripts that fire up ruby, load gems, and then invoke the gem in question. Those ruby scripts are getting trashed, being over-written with redis-rack.
So far it's happened to the rake command and the appraisal command.
#!/usr/bin/env ruby
#
# This file was generated by RubyGems.
#
# The application 'redis-rack' is installed as part of a gem, and
# this file is here to facilitate running it.
#
require 'rubygems'
version = ">= 0.a"
if ARGV.first
str = ARGV.first
str = str.dup.force_encoding("BINARY") if str.respond_to? :force_encoding
if str =~ /\A_(.*)_\z/ and Gem::Version.correct?($1) then
version = $1
ARGV.shift
end
end
load Gem.activate_bin_path('redis-rack', 'appraisal', version)
Here is appraisal and the end of the shim says "redis-rack". This also happened to my rake command. It keeps happening when I switch ruby versions.
Sorry about the empty looking Issue. I pressed return before entering the description.
can you add something to the readme about how to configure this? i want to change the session store to point to a redis box on another machine. how do i do that?
Using the Redis gem > 4.2, we can't write anything to the session using redis-rack and a redis session.
Below is a repo-script. Using with 4.1.4 works fine; with 4.2 it throws an exception:
/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/redis-4.2.1/lib/redis.rb:836: warning: The called method `set' is defined here
ArgumentError: unknown keywords: :path, :domain, :expire_after, :secure, :httponly, :defer, :renew, :sidbits, :secure_random, :redis_server
/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/redis-4.2.1/lib/redis.rb:836:in `set'
/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/redis-store-1.8.2/lib/redis/store/interface.rb:9:in `set'
/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/redis-store-1.8.2/lib/redis/store/ttl.rb:8:in `set'
As far as I can tell, this is because of the change under this commit to the redis gem that removed the options
in favour of explicit keyword arguments.
We can fix our version of redis to 4.1.4 to get around this for now, but this does appear to be something that redis-store will need fixing for too.
#!/usr/bin/env ruby
require 'bundler/inline'
REDIS_VERSION = "4.1.4"
# REDIS_VERSION = "4.2.1" # boom
gemfile do
source 'https://rubygems.org'
ruby '2.7.1'
gem "rack"
gem "redis", REDIS_VERSION
gem "redis-rack"
end
class Sesh
def call(env)
env['rack.session']['id'] = 1
[200, {}, ["Using #{REDIS_VERSION}"]]
end
end
handler = Rack::Builder.new do
use Rack::Session::Redis
run Sesh.new
end
run handler
Rack::Session::Redis#generate_unique_sid
is a method that generates new unique session key that it does not conflict with an existing session key.
But it seems does not work well after #37 PR.
session.empty?
.
session
is always empty hash.
I checked with the following code, which is prone to session key collisions.
require "bundler/inline"
gemfile do
source "https://rubygems.org"
gem "sinatra", "2.2.0"
gem "webrick", "1.7.0"
gem "redis-rack", "2.1.4"
end
require "sinatra"
require "redis-rack"
# Returns a counted-up value for each invocation since the process was started
class Countup
def self.hex(len)
@count ||= 0
@count += 1
sprintf("%0#{len}d", @count)
end
end
enable :sessions
set :sessions, secure_random: Countup
set :session_store, Rack::Session::Redis
get "/" do
session[:access] ||= 0
session[:access] += 1
"sid: #{session.id}, access: #{session[:access]}"
end
Sinatra::Application.run!
ruby app.rb
session[:access]
increases with each access.ruby app.rb
application and relaunch.session[:access]
is initialized.session
is shared with first browser and secret browser.The above situation occurs even with correct random number generation logic, although the collisions are fewer.
Revert #37 is easy way, maybe.
If you want to avoid that, it would require a more complicated modification.
This will make it show up on rubygems.org. I'm doing due diligence on our gems and need to find out the licenses for all the gems. Having it show up on rubygems.org cuts out the step of having to go to the github repo.
Hi,
I'm affected by #1 (no way to pass configuration options) but it's still not released.
Could you publish a new release?
Regards
Unexpected error while processing request: undefined method `private_id' for #<String:0x0000557f81ac6150>
Did you mean? private_methods
/usr/local/bundle/gems/redis-rack-2.1.3/lib/rack/session/redis.rb:49:in `block (2 levels) in write_session'
rack (2.2.3), redis-rack 2.1.3, redis-store 1.9.0, sinatra 2.1.0
Any ideas why that method is failing?
After doing a single web request I see
redis 127.0.0.1:6379> keys *
1) "b222a5953b43e7794b729c81901142a784514a2427c0b9eda48ef8c439d38fdc"
2) "e1e5e0c094c35ed8ca9bb24029cf7da96cb3616b0828a805e00afb36800de687"
I want a namespace for session keys so they dont polute top level
I'm getting an NoMethodError - undefined method `private_id' in version 2.1.2. My application is working with version 2.0.6 - no other changes.
This matches the error referenced by @Looooong in #50 (comment)
Gems:
Backtrace:
/ruby/2.6.5/gems/redis-rack-2.1.2/lib/rack/session/redis.rb in block (2 levels) in write_session
with { |c| c.set sid.private_id, new_session, options }
/ruby/2.6.5/gems/redis-rack-2.1.2/lib/redis/rack/connection.rb in with
block.call(store)
/ruby/2.6.5/gems/redis-rack-2.1.2/lib/rack/session/redis.rb in with
@conn.with(&block)
/ruby/2.6.5/gems/redis-rack-2.1.2/lib/rack/session/redis.rb in block in write_session
with { |c| c.set sid.private_id, new_session, options }
/ruby/2.6.5/gems/redis-rack-2.1.2/lib/rack/session/redis.rb in with_lock
yield
/ruby/2.6.5/gems/redis-rack-2.1.2/lib/rack/session/redis.rb in write_session
with_lock(req, false) do
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/session/abstract/id.rb in commit_session
if not data = write_session(req, session_id, session_data, options)
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/session/abstract/id.rb in context
commit_session(req, res)
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/session/abstract/id.rb in call
context(env)
/ruby/2.6.5/gems/rack-protection-2.0.8.1/lib/rack/protection/xss_header.rb in call
status, headers, body = @app.call(env)
/ruby/2.6.5/gems/rack-protection-2.0.8.1/lib/rack/protection/path_traversal.rb in call
app.call env
/ruby/2.6.5/gems/rack-protection-2.0.8.1/lib/rack/protection/json_csrf.rb in call
status, headers, body = app.call(env)
/ruby/2.6.5/gems/rack-protection-2.0.8.1/lib/rack/protection/base.rb in call
result or app.call(env)
/ruby/2.6.5/gems/rack-protection-2.0.8.1/lib/rack/protection/base.rb in call
result or app.call(env)
/ruby/2.6.5/gems/rack-protection-2.0.8.1/lib/rack/protection/frame_options.rb in call
status, headers, body = @app.call(env)
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/logger.rb in call
@app.call(env)
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/common_logger.rb in call
status, headers, body = @app.call(env)
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in call
call_without_check(env)
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in call
env['sinatra.commonlogger'] ? @app.call(env) : super
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/head.rb in call
status, headers, body = @app.call(env)
/ruby/2.6.5/gems/rack-2.2.2/lib/rack/method_override.rb in call
@app.call(env)
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/show_exceptions.rb in call
@app.call(env)
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in call
result, callback = app.call(env), env['async.callback']
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in call
@stack.call(env)
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in block in call
synchronize { prototype.call(env) }
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in synchronize
yield
/ruby/2.6.5/gems/sinatra-2.0.8.1/lib/sinatra/base.rb in call
synchronize { prototype.call(env) }
/ruby/2.6.5/gems/puma-4.3.3/lib/puma/configuration.rb in call
@app.call(env)
/ruby/2.6.5/gems/puma-4.3.3/lib/puma/server.rb in handle_request
status, headers, res_body = @app.call(env)
/ruby/2.6.5/gems/puma-4.3.3/lib/puma/server.rb in process_client
case handle_request(client, buffer)
/ruby/2.6.5/gems/puma-4.3.3/lib/puma/server.rb in block in run
process_client client, buffer
/ruby/2.6.5/gems/puma-4.3.3/lib/puma/thread_pool.rb in block in spawn_thread
block.call(work, *extra)
There are no instructions for how to configure the connection parameters in the Readme.
They are also not in the parent project, but the parent project Readme says that they should be in the child projects.
I'm not sure if this is an issue with the gem or with our usage of it, but upon updating, our application no longer allowed people to log in. I figured I can open this here in case other people see something similar.
The changes in #37 seem relevant, but I'm going to try and do a bit more digging.
I was developing a Rails app that switches the session store to redis and accidentally set expire_after: nil
. I found a strange behavior with that setting and I'd like to report it.
expire_after: nil
setting makes lifetime mismatch
With expire_after: nil
setting, client's session key is sometime expired, but session value is not expired.
So the redis will accumulate more and more non-volatile keys.
Of course, I am aware that using the redis session store with expire_after: nil
is not a good idea. However, the current behavior is confused for me.
I checked with the following code.
require "bundler/inline"
gemfile do
source "https://rubygems.org"
gem "sinatra", "2.2.0"
gem "webrick", "1.7.0"
gem "redis-rack", "2.1.4"
end
require "sinatra/base"
require "redis-rack"
enable :sessions
set :session_store, Rack::Session::Redis, expire_after: nil
get "/" do
session[:data] = "hello"
end
Sinatra::Application.run!
ruby app.rb
How the expire_after: nil
setting should work.
Storing session with expire_after: nil
in the session cookie setting is rack's default behavior.
This method seems the least confusing.
There may be some confusion because the default session behavior of rack.
However, it may be consistent within redis-rack.
As I described earlier, I think it is a confusing and not happy behavior.
I followed the instructions in the redis-rails' readme to do something like this:
# config/environments/production.rb
config.action_dispatch.rack_cache = {
metastore: 'redis://localhost:6379/1/metastore',
entitystore: 'redis://localhost:6379/1/entitystore'
}
however every rack cache is a pass. Debugging a bit, I found that anytime rack tries to instantiate the store (redis in our case), it won't because it doesn't seem like one of the store types they support. This error is thrown for me: https://github.com/rtomayko/rack-cache/blob/129dc7ab063c1ce9b4cfd5eb77fbd7fe36ba2aca/lib/rack/cache/storage.rb#L50
And even with redis-rails
in my Gemfile and installed, the list of supported store types for Rack looks like this:
=> [:Heap,
:HEAP,
:MEM,
:Disk,
:DISK,
:FILE,
:MemCacheBase,
:Dalli,
:MemCached,
:MEMCACHE,
:MEMCACHED,
:GAEStore,
:GAECACHE,
:GAE,
:RAILS]
:RAILS
isn't one of the type constants listed in rack-cache, so I'm guessing that's what the redis-rack
gem added, but obviously it should be :REDIS
instead of :RAILS
or the configuration option should be rails://127...
but the latter is confusing to the end user.
I'm trying to find where this constant is added so I can fix it. Any guidance here would be appreciated.
I'm getting:
Bundler could not find compatible versions for gem "rack":
In Gemfile:
rails (~> 4.1.0) ruby depends on
actionpack (= 4.1.0) ruby depends on
rack (~> 1.5.2) ruby
redis-rails (>= 0) ruby depends on
redis-actionpack (~> 4) ruby depends on
redis-rack (~> 1.5.0) ruby depends on
rack (1.5.0)
Updating the gem dependency to "~> 1.5.0" should be fine.
see
https://rubygems.org/gems/redis-rack
Fetching gem metadata from https://rubygems.org/......
Could not find redis-rack-2.1.1 in any of the sources
https://github.com/redis-store/redis-rack/blob/master/lib/rack/session/redis.rb#L76
rescues for Errno::ECONNREFUSED
however the redis gem raises:
::Redis::CannotConnectError
and if you catch this there is another location a NotMethodError is thrown on set_session. Would a pull request to add an option to raise or suppress errors similar to redis-activesupport gem be useful?
I've monkey-patched our application so if redis is not available the public facing application still renders but you cannot log in. If you think this is useful I can submit a pull request.
Hello, @tubbo ! ๐
Thanks for you work on this gem ๐ป
Is there any plans to release a official 2.1.4 version? Because there are codes present in master, but not released together with 2.1.3 (code made by a PR from @krzysiek1507 ๐ค ):
Thanks a lot!
I got this message every time using rake on a project that already have bundled it, no question if it is illegal or not, I've read that Bundler put that there I believe? but is it need/worth?
The `rake` executable in the `rake` gem is being loaded, but it's also present in other gems (redis-rack).
If you meant to run the executable for another gem, make sure you use a project specific binstub (`bundle binstub <gem_name>`).
If you plan to use multiple conflicting executables, generate binstubs for them and disambiguate their names.
This has the same underlying cause as #32.
If I have redis-rack
installed, then gem install rake
subsequently fails. This is because redis-rack
erroneously lists rake
as an included executable in its gemspec.
$ gem install rake
rake's executable "rake" conflicts with redis-rack
Overwrite the executable? [yN] n
ERROR: Error installing rake:
"rake" from rake conflicts with installed executable from redis-rack
I'll provide a PR.
If you check rack/session/redis.rb#L39 provide 3 arguments to Redis#setnx which it only accept 2 arguments(key & value). Why is it your including the @default_options
when saving the session to redis
?
Browser HAR File: debug.har.zip
Log:
api_1 | 02:36:06 app.1 | ArgumentError - wrong number of arguments (given 3, expected 2):
api_1 | 02:36:06 app.1 | redis (3.3.3) lib/redis.rb:790:in `setnx'
api_1 | 02:36:06 app.1 | redis-namespace (1.5.3) lib/redis/namespace.rb:435:in `call_with_namespace'
api_1 | 02:36:06 app.1 | redis-namespace (1.5.3) lib/redis/namespace.rb:321:in `method_missing'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:39:in `block (2 levels) in generate_unique_sid'
api_1 | 02:36:06 app.1 | connection_pool (2.2.1) lib/connection_pool.rb:64:in `block (2 levels) in with'
api_1 | 02:36:06 app.1 | connection_pool (2.2.1) lib/connection_pool.rb:63:in `handle_interrupt'
api_1 | 02:36:06 app.1 | connection_pool (2.2.1) lib/connection_pool.rb:63:in `block in with'
api_1 | 02:36:06 app.1 | connection_pool (2.2.1) lib/connection_pool.rb:60:in `handle_interrupt'
api_1 | 02:36:06 app.1 | connection_pool (2.2.1) lib/connection_pool.rb:60:in `with'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:88:in `with'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:38:in `block in generate_unique_sid'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:36:in `loop'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:36:in `generate_unique_sid'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:52:in `block in get_session'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:75:in `with_lock'
api_1 | 02:36:06 app.1 | redis-rack (2.0.2) lib/rack/session/redis.rb:49:in `get_session'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/session/abstract/id.rb:425:in `find_session'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/session/abstract/id.rb:280:in `load_session'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/session/abstract_store.rb:56:in `block in load_session'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/session/abstract_store.rb:64:in `stale_session_check!'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/session/abstract_store.rb:56:in `load_session'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/request/session.rb:216:in `load!'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/request/session.rb:208:in `load_for_read!'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/request/session.rb:90:in `[]'
api_1 | 02:36:06 app.1 | warden (1.2.7) lib/warden/session_serializer.rb:31:in `fetch'
api_1 | 02:36:06 app.1 | warden (1.2.7) lib/warden/proxy.rb:213:in `user'
api_1 | 02:36:06 app.1 | warden (1.2.7) lib/warden/proxy.rb:145:in `authenticated?'
api_1 | 02:36:06 app.1 | config/initializers/rack.rb:92:in `block in <main>'
api_1 | 02:36:06 app.1 | lib/rack/rate_limit.rb:13:in `max_per_hour'
api_1 | 02:36:06 app.1 | rack-throttle (0.5.0) lib/rack/throttle/time_window.rb:13:in `allowed?'
api_1 | 02:36:06 app.1 | lib/rack/rate_limit.rb:7:in `call'
api_1 | 02:36:06 app.1 | warden (1.2.7) lib/warden/manager.rb:36:in `block in call'
api_1 | 02:36:06 app.1 | warden (1.2.7) lib/warden/manager.rb:35:in `catch'
api_1 | 02:36:06 app.1 | warden (1.2.7) lib/warden/manager.rb:35:in `call'
api_1 | 02:36:06 app.1 | versionist (1.6.0) lib/versionist/middleware.rb:39:in `_call'
api_1 | 02:36:06 app.1 | versionist (1.6.0) lib/versionist/middleware.rb:17:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/etag.rb:25:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/conditional_get.rb:25:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/head.rb:12:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/session/abstract/id.rb:232:in `context'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/session/abstract/id.rb:226:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/cookies.rb:613:in `call'
api_1 | 02:36:06 app.1 | activerecord (5.0.6) lib/active_record/migration.rb:553:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/callbacks.rb:97:in `__run_callbacks__'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/callbacks.rb:90:in `run_callbacks'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/callbacks.rb:36:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/executor.rb:12:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
api_1 | 02:36:06 app.1 | better_errors (2.3.0) lib/better_errors/middleware.rb:84:in `protected_app_call'
api_1 | 02:36:06 app.1 | better_errors (2.3.0) lib/better_errors/middleware.rb:79:in `better_errors_call'
api_1 | 02:36:06 app.1 | better_errors (2.3.0) lib/better_errors/middleware.rb:57:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
api_1 | 02:36:06 app.1 | railties (5.0.6) lib/rails/rack/logger.rb:36:in `call_app'
api_1 | 02:36:06 app.1 | railties (5.0.6) lib/rails/rack/logger.rb:24:in `block in call'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/tagged_logging.rb:69:in `block in tagged'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/tagged_logging.rb:26:in `tagged'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/tagged_logging.rb:69:in `tagged'
api_1 | 02:36:06 app.1 | railties (5.0.6) lib/rails/rack/logger.rb:24:in `call'
api_1 | 02:36:06 app.1 | sprockets-rails (3.2.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
api_1 | 02:36:06 app.1 | request_store (1.3.2) lib/request_store/middleware.rb:9:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/request_id.rb:24:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/method_override.rb:22:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/runtime.rb:22:in `call'
api_1 | 02:36:06 app.1 | activesupport (5.0.6) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/executor.rb:12:in `call'
api_1 | 02:36:06 app.1 | actionpack (5.0.6) lib/action_dispatch/middleware/static.rb:136:in `call'
api_1 | 02:36:06 app.1 | rack (2.0.3) lib/rack/sendfile.rb:111:in `call'
api_1 | 02:36:06 app.1 | rack-mini-profiler (0.10.5) lib/mini_profiler/profiler.rb:282:in `call'
api_1 | 02:36:06 app.1 | rack-cors (1.0.1) lib/rack/cors.rb:93:in `call'
api_1 | 02:36:06 app.1 | railties (5.0.6) lib/rails/engine.rb:522:in `call'
api_1 | 02:36:06 app.1 | puma (3.10.0) lib/puma/configuration.rb:225:in `call'
api_1 | 02:36:06 app.1 | puma (3.10.0) lib/puma/server.rb:605:in `handle_request'
api_1 | 02:36:06 app.1 | puma (3.10.0) lib/puma/server.rb:437:in `process_client'
api_1 | 02:36:06 app.1 | puma (3.10.0) lib/puma/server.rb:301:in `block in run'
api_1 | 02:36:06 app.1 | puma (3.10.0) lib/puma/thread_pool.rb:120:in `block in spawn_thread'
api_1 | 02:36:06 app.1 | logging (2.2.2) lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
Greetings and thank you for providing this gem.
Snyk is reporting a vulnerability and I am hunting down gems in use in my project that have not released a version that supports Rack 3 yet. This seems to be one of them. Rails 7.1.0 also expects Rack > 3.0, it seems.
I see there was an update merged last year (#73) but it is not yet released. Is there a timeline for the next release?
This is the exact mismatch error I receive:
In Gemfile:
rails (~> 7.1.0, >= 7.1) was resolved to 7.1.2, which depends on
actionpack (= 7.1.2) was resolved to 7.1.2, which depends on
rack-session (>= 1.0.1) was resolved to 2.0.0, which depends on
rack (>= 3.0.0)
redis-actionpack (>= 5.3.0) was resolved to 5.3.0, which depends on
redis-rack (>= 2.1.0, < 3) was resolved to 2.1.4, which depends on
rack (>= 2.0.8, < 3)
With redis-rack 2.1.3, I got this error.
NoMethodError:
undefined method `public_id' for "b2df46eb3fa3bdfc657fd814bc668114":String
Did you mean? public_send
# /usr/local/bundle/gems/redis-rack-2.1.3/lib/rack/session/redis.rb:57:in `block (2 levels) in delete_session'
# /usr/local/bundle/gems/redis-rack-2.1.3/lib/redis/rack/connection.rb:22:in `with'
# /usr/local/bundle/gems/redis-rack-2.1.3/lib/rack/session/redis.rb:82:in `with'
# /usr/local/bundle/gems/redis-rack-2.1.3/lib/rack/session/redis.rb:56:in `block in delete_session'
# /usr/local/bundle/gems/redis-rack-2.1.3/lib/rack/session/redis.rb:70:in `with_lock'
# /usr/local/bundle/gems/redis-rack-2.1.3/lib/rack/session/redis.rb:55:in `delete_session'
# /usr/local/bundle/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:379:in `commit_session'
commit_session
in rack calls delete_session
which is overridden by rack-redis, however, a string is passed for the second argument when the method is called.
https://github.com/rack/rack/blob/2-2-stable/lib/rack/session/abstract/id.rb#L378
This change might be related.
https://github.com/redis-store/redis-rack/pull/50/files#diff-c50b22f679eb8e97b8f1dcda1da50f4bR57-R58
Any workaround?
Done nothing, no code or config changes done.
Expected to easily deploy a new image given that there is NO change set in the associated repository/code.
Getting unknown errors involving below 2 main problems, thereby not enabling a normal deployment with the same code:
/usr/local/bundle/gems/ruby-next-core-1.0.0/lib/.rbnext/2.6/ruby-next/core/data.rb:5: warning: constant ::Data is deprecated
/usr/local/bundle/gems/redis-rack-3.0.0/lib/rack/session/redis.rb:8:in
module:Session': uninitialized constant Rack::Session::Abstract::PersistedSecure (NameError)`Upon deploying the previously stable image of our code (as of 25 September 2023), the k8s pods are successfully running. But, we are stuck here because we aren't able to push new changes to our stable code as the same stable code only is now NOT able to provide a stable service upon trying out a fresh deployment.
Below is the error that we are getting, causing the associated K8s service pod in CrashLoopBackOff state:
Adding the same error in text form below:
/usr/local/bundle/gems/ruby-next-core-1.0.0/lib/.rbnext/2.6/ruby-next/core/data.rb:5: warning: constant ::Data is deprecated /usr/local/bundle/gems/ruby-next-core-1.0.0/lib/.rbnext/2.6/ruby-next/core/data.rb:5: warning: constant ::Data is deprecated /usr/local/bundle/gems/ruby-next-core-1.0.0/lib/.rbnext/2.6/ruby-next/core/data.rb:5: warning: constant ::Data is deprecated /usr/local/bundle/gems/redis-rack-3.0.0/lib/rack/session/redis.rb:8:in
module:Session': uninitialized constant Rack::Session::Abstract::PersistedSecure (NameError)
Did you mean? Rack::Session::Abstract::Persisted
from /usr/local/bundle/gems/redis-rack-3.0.0/lib/rack/session/redis.rb:7:in <module:Rack>' from /usr/local/bundle/gems/redis-rack-3.0.0/lib/rack/session/redis.rb:6:in
<top (required)>'
from /usr/local/bundle/gems/redis-rack-3.0.0/lib/redis-rack.rb:3:in require' from /usr/local/bundle/gems/redis-rack-3.0.0/lib/redis-rack.rb:3:in
<top (required)>'
from /usr/local/bundle/gems/redis-actionpack-5.4.0/lib/action_dispatch/middleware/session/redis_store.rb:4:in require' from /usr/local/bundle/gems/redis-actionpack-5.4.0/lib/action_dispatch/middleware/session/redis_store.rb:4:in
<top (required)>'
from /usr/local/bundle/gems/redis-actionpack-5.4.0/lib/redis-actionpack.rb:4:in require' from /usr/local/bundle/gems/redis-actionpack-5.4.0/lib/redis-actionpack.rb:4:in
<top (required)>'
from /usr/local/bundle/gems/redis-rails-5.0.2/lib/redis-rails.rb:4:in require' from /usr/local/bundle/gems/redis-rails-5.0.2/lib/redis-rails.rb:4:in
<top (required)>'
from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/runtime.rb:81:in require' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/runtime.rb:81:in
block (2 levels) in require'
from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/runtime.rb:76:in each' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/runtime.rb:76:in
block in require'
from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/runtime.rb:65:in each' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/runtime.rb:65:in
require'
from /usr/local/lib/ruby/site_ruby/2.5.0/bundler.rb:114:in require' from /src/config/application.rb:7:in
<top (required)>'
from /src/config/environment.rb:2:in require_relative' from /src/config/environment.rb:2:in
<top (required)>'
from config.ru:3:in require_relative' from config.ru:3:in
block in
instance_eval' from /usr/local/bundle/gems/rack-2.0.7/lib/rack/builder.rb:55:in
initialize'new' from config.ru:in
'eval' from /usr/local/bundle/gems/rack-2.0.7/lib/rack/builder.rb:49:in
new_from_string'parse_file' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/configuration.rb:320:in
load_rackup'app' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/runner.rb:157:in
app'start_server' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/cluster.rb:275:in
worker'block (2 levels) in spawn_workers' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/cluster.rb:139:in
fork'block in spawn_workers' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/cluster.rb:135:in
times'spawn_workers' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/cluster.rb:213:in
check_workers'run' from /usr/local/bundle/gems/puma-3.12.1/lib/puma/launcher.rb:186:in
run'run' from /usr/local/bundle/gems/puma-3.12.1/bin/puma:10:in
<top (required)>'load' from /usr/local/bundle/bin/puma:23:in
<top (required)>'load' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli/exec.rb:74:in
kernel_load'run' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli.rb:463:in
exec'run' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/vendor/thor/lib/thor/invocation.rb:126:in
invoke_command'dispatch' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli.rb:27:in
dispatch'start' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli.rb:18:in
start'block in <main>' from /usr/local/lib/ruby/site_ruby/2.5.0/bundler/friendly_errors.rb:124:in
with_friendly_errors'<main>'
Ruby version: 2.5.3
Ruby Next version: Unknown because we aren't directly using it via the Gemfile. It seems some other library is indirectly using it so we can't confirm the version.
Parser version: Unknown because we aren't directly using it via the Gemfile.
Unparser version: Unknown because we aren't directly using it via the Gemfile.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.