Rails 4 升级旧会话的 JSON::ParseError

Question

从 Rails 3.2 升级到 Rails 4.1.4 后，使用现有会话（来自较旧的 Rails 3.2 版本）访问应用程序会导致内部服务器错误。回溯：

JSON::ParserError - 795: unexpected token at {
I"session_id:ETI"%fa78a4ee07ac952c9b034ebc6199f30b;':
  /Users/.../.rvm/rubies/ruby-2.1.0/lib/ruby/2.1.0/json/common.rb:155:in `parse'
  actionpack (4.1.4) lib/action_dispatch/middleware/cookies.rb:388:in `load'
  actionpack (4.1.4) lib/action_dispatch/middleware/cookies.rb:428:in `deserialize'
  actionpack (4.1.4) lib/action_dispatch/middleware/cookies.rb:183:in `verify_and_upgrade_legacy_signed_message'
  actionpack (4.1.4) lib/action_dispatch/middleware/cookies.rb:550:in `[]'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/cookie_store.rb:114:in `get_cookie'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/cookie_store.rb:90:in `block in unpacked_cookie_data'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/abstract_store.rb:51:in `stale_session_check!'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/cookie_store.rb:89:in `unpacked_cookie_data'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/cookie_store.rb:83:in `block in extract_session_id'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/abstract_store.rb:51:in `stale_session_check!'
  actionpack (4.1.4) lib/action_dispatch/middleware/session/cookie_store.rb:82:in `extract_session_id'
  actionpack (4.1.4) lib/action_dispatch/request/session.rb:49:in `block in []'
  actionpack (4.1.4) lib/action_dispatch/request/session.rb:48:in `[]'
  actionpack (4.1.4) lib/action_dispatch/request/session.rb:70:in `id'
  rack (1.5.2) lib/rack/session/abstract/id.rb:282:in `current_session_id'
  rack (1.5.2) lib/rack/session/abstract/id.rb:288:in `session_exists?'
  actionpack (4.1.4) lib/action_dispatch/request/session.rb:152:in `exists?'
  actionpack (4.1.4) lib/action_dispatch/request/session.rb:172:in `load_for_read!'
  actionpack (4.1.4) lib/action_dispatch/request/session.rb:89:in `[]'
  warden (1.2.3) lib/warden/session_serializer.rb:30:in `fetch'
  warden (1.2.3) lib/warden/proxy.rb:212:in `user'
  warden (1.2.3) lib/warden/proxy.rb:318:in `_perform_authentication'
  warden (1.2.3) lib/warden/proxy.rb:104:in `authenticate'
  warden (1.2.3) lib/warden/proxy.rb:114:in `authenticate?'
  devise (3.2.4) lib/devise/rails/routes.rb:460:in `block in constraints_for'
  actionpack (4.1.4) lib/action_dispatch/routing/mapper.rb:38:in `block in matches?'
  actionpack (4.1.4) lib/action_dispatch/routing/mapper.rb:36:in `matches?'
  actionpack (4.1.4) lib/action_dispatch/routing/mapper.rb:45:in `call'
  actionpack (4.1.4) lib/action_dispatch/journey/router.rb:71:in `block in call'
  actionpack (4.1.4) lib/action_dispatch/journey/router.rb:59:in `call'
  actionpack (4.1.4) lib/action_dispatch/routing/route_set.rb:678:in `call'
  ...

我尝试更改会话cookie密钥名称，但它似乎卡在了 session_id.

# initializers/session_store.rb
MyApp::Application.config.session_store :cookie_store, key: 'myapp_session'

请帮忙！一个很好的解决方案是在所有会话 cookie 到达 Rails 中间件之前删除它们，但我不知道该怎么做。

Answer 1

在这里找到了答案： https：//github.com/rails/reails/issues/15111

我的设置有

# initializers/cookie_serializer.rb
Rails.application.config.action_dispatch.cookies_serializer = :json

.

我将它更改为

Rails.application.config.action_dispatch.cookies_serializer = :hybrid

.

，这是诀窍

Answer 2

如果您愿意更改密钥，那么它将解决问题，并且我可以确认使用旧 cookie 的人不会遇到 500 错误。

跑步 rake secret 生成一个新的秘密。

如果你已经实现了 config/secrets.yml, ，把新的秘密放在那里。否则，如果你还有秘密的话 config/initializers/secret_token.rb, ，把它放进去。

留下你的 config/initializers/session_store.rb 单独的文件——您不需要更改它。

在 config/initializers/cookie_store.rb, ，将其更改为 :json:

# Be sure to restart your server when you modify this file.

Rails.application.config.action_dispatch.cookies_serializer = :json

我可以确认这有效，即使您的浏览器存储了旧的会话 cookie。通过更改机密，当具有旧会话 cookie 的人访问您的站点时，服务器会忽略旧会话状态并创建新会话。没有 500 错误。

Answer 3

我刚刚有同样的问题并在这里使用答案，所有这些都是固定的。 阅读评论后，虽然我发现只是改变秘密也解决了问题，但我应该假设它。

我认为改变秘密是一个更好的问题，而不是切换到：混合，如@thibautbarrère在评论中陈述