#2364: Requests for unexisting profile creates a session cookie without need

Type: BugItem Feature: Infrastructure Tags:  
ScheduledFor: N/A Assigned to: AntonioTerceiro Sites:  
Priority: 0 Status: Pending  

Description of the bug

Whenever a request is made to an unexisting profile (due to a broken link, for example), Noosfero sets the session cookie even if the user is not logged in. This happens because the render_not_found call renders and the processing is halted, which does not give a chance to the after_filters in the noosfero_caching plugin to prepare the wipe out of the cookies.

Every access to keys of the session hash (e.g. session[:foo]) must be guarded with a check to whether that key is actually there (e.g. session.has_key?(:foo)). Read access to the session forces the creation of a cookie, which is a bug in Rails 2.3.5; this was only fixed in Rails 2.3.14.

Steps to reproduce

  1. make a request to yoursite/xyz, where xyz is a non-existing profile
  2. verify that noosfero sets a _noosfero_session cookie in return

-- AntonioTerceiro -- 23 May 2012

diff --git a/features/session_and_cookies_handling.feature b/features/session_an
index 5a644d5..600923f 100644
--- a/features/session_and_cookies_handling.feature
+++ b/features/session_and_cookies_handling.feature
@@ -25,6 +25,10 @@ Feature: session and cookies handling
     When I make a AJAX request to the user data path
     Then there must be a cookie "_noosfero_session"
+  Scenario: 404 on unexisting profile should not produce a session cookie
+    When I go to /unexistingprofile
+    Then there must be no cookies
   # FIXME for some reason I could not test this scenario, although manual tests
   # indicate this works!
   # Scenario: logout
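
Review bot: the new scenario asserts only `Then there must be no cookies` and never checks that `/unexistingprofile` actually returned the not-found page, so it would keep passing if that path began resolving to some other cookie-free response. Consider adding a step that checks for the 404 response before the cookie assertion. The scenario is also inserted with no blank line between it and the preceding `Then there must be a cookie "_noosfero_session"` step or the `# FIXME` comment that follows, which makes the feature file harder to scan.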

-- AntonioTerceiro - 09 Jun 2012
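
The check from the steps to reproduce, as an added Ruby example that is not part of the original report or of Noosfero's code: it parses a raw HTTP response head and flags a 404 that still sets `_noosfero_session`. The sample responses are constructed, and the helper names and the rule that an emptied or `Max-Age=0` cookie counts as a wipe are assumptions.

```ruby
SESSION_COOKIE = "_noosfero_session" # cookie name taken from the report

# Split a raw HTTP response into [status_code, {cookie_name => details}].
def parse_head(raw)
  head = raw.split(/\r?\n\r?\n/, 2).first.to_s
  lines = head.split(/\r?\n/)
  status = lines.shift.to_s[%r{\AHTTP/\d(?:\.\d)?\s+(\d{3})}, 1]
  raise ArgumentError, "not an HTTP response" unless status
  cookies = {}
  lines.each do |line|
    name, value = line.split(":", 2)
    next unless value && name.strip.casecmp("set-cookie").zero?
    pair, *attrs = value.split(";").map(&:strip)
    cookie_name, cookie_value = pair.to_s.split("=", 2)
    cookies[cookie_name] = { value: cookie_value.to_s, attrs: attrs }
  end
  [status.to_i, cookies]
end

# True when a 404 response still hands out a live session cookie.
def needless_session_cookie?(raw, cookie = SESSION_COOKIE)
  status, cookies = parse_head(raw)
  return false unless status == 404 && cookies.key?(cookie)
  c = cookies[cookie]
  # Assumption: an empty value or Max-Age=0 means the cookie is being wiped,
  # not created, so it is not reported.
  wiped = c[:value].empty? || c[:attrs].any? { |a| a.match?(/\Amax-age=0\z/i) }
  !wiped
end

# Constructed sample responses (not captured from a real Noosfero instance).
def sample(status_line, *headers)
  [status_line, *headers, "", "<html>body</html>"].join("\r\n")
end

BUGGY_404 = sample("HTTP/1.1 404 Not Found",
                   "Content-Type: text/html; charset=utf-8",
                   "Set-Cookie: _noosfero_session=constructed123; path=/; HttpOnly")
CLEAN_404 = sample("HTTP/1.1 404 Not Found", "Content-Type: text/html")
WIPED_404 = sample("HTTP/1.1 404 Not Found",
                   "set-cookie: _noosfero_session=; path=/; Max-Age=0")
LOGIN_200 = sample("HTTP/1.1 200 OK",
                   "Set-Cookie: _noosfero_session=constructed456; path=/")

{ "buggy 404" => BUGGY_404, "clean 404" => CLEAN_404,
  "wiped 404" => WIPED_404, "login 200" => LOGIN_200 }.each do |label, raw|
  puts "#{label}: needless session cookie = #{needless_session_cookie?(raw)}"
end
```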

Topic revision: r4 - 20 Jul 2012 - 14:31:55 - LarissaReis

Copyright © 2007-2015 by the Noosfero contributors
Colivre - Cooperativa de Tecnologias Livres