Defect #3969


Plugins loaded before config/initializers/session_store.rb ?

Added by Jérémy Lal over 14 years ago. Updated over 14 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Wont fix
Affected version:


This bug is related to issue #2815, and applies to redmine trunk with rails 2.2.3, before rails 2.3 migration.
The cookie session name has the default value (session_id) with BotsFilter plugin,
and the right value (_redmine_session) without.

How to reproduce :
- login to redmine, installed without plugins
- check which cookies are defined in your browser for that domain,
you should see "_redmine_session"
- logout
- stop redmine, install the BotsFilter plugin, restart redmine
- login again
- now the cookie name is _session_id, not _redmine_session.

Actions #1

Updated by Jérémy Lal over 14 years ago

ActionController is loaded by BotsPlugin, before
session_store.rb sets ActionController::Base.session, that's why
it has no effect.
I can't find a way around this...

Actions #2

Updated by Jérémy Lal over 14 years ago

  • Assignee set to Jean-Philippe Lang

this seems to be a BotsPlugin issue...

Actions #3

Updated by Jan Wagner over 14 years ago

In production.log:

/!\ FAILSAFE /!\ 05/10/2009
Status: 500 Internal Server Error
A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase of at least 30 characters" } in config/environment.rb

The problem also occures also at least with: redmine_code_review and redmine_local_avatars

Actions #4

Updated by Jérémy Lal over 14 years ago

Adding config.action_controller.session to config/environment.rb would fix this problem,
but it is not consistent with

rake config/initializers/session_store.rb

which is a good way of generating the secret key.

It also hides other (potentially) similar situations with the other files in config/initializers/

I found a working solution, however it can't be applied to any plugin, only those where predefining
a singleton is NOT what is wanted :

mv vendor/plugins/redmine-botsfilter-1.00/init.rb config/initializers/z-plugins/redmine_bots_filter.rb

z-plugins dirname is to make sure plugin initialization happens after every other initializer.

Actions #5

Updated by Jean-Philippe Lang over 14 years ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

This is not reproductible with latest trunk and Rails 2.3.4.


Also available in: Atom PDF