I have a Sinatra app using Rack::Session::Cookie

use Rack::Session::Cookie, :key => 'my.key',
                           :path => '/',
                           :expire_after => 3600, # In seconds
                           :secret => 'something'

I have one place in the session where I set the data, and I do a dump of the session, which is about 600 bytes right before the erb call

  puts "session is #{session.inspect}" ==> 400 bytes of text

Then I get

Warning! Rack::Session::Cookie data size exceeds 4K.
Warning! Rack::Session::Cookie failed to save session. Content dropped.

Funny thing is, it all seems to be working, in that everything I set on the session comes back to me on the next hit. The session size as reported in the Safari development window is 1195 bytes, and it all looks encrypted, etc.

Any ideas on how this could be happening? It appears that the message is spurious, but looking at the Rack::Session code - it appears that something is being dumped...

Tom Andersen
  • session.inspect isn't what you want to be checking if you're interested in the amount of data the session requires. Something like `Marshal.dump(session.to_hash)` is closer to the mark – Frederick Cheung Feb 29 '12 at 23:07
  • If I get the session as a string, then call Marshal.dump, followed by an encrypt, I get 1300 bytes, which matches what I see as a cookie. So still no luck in figuring it out. – Tom Andersen Feb 29 '12 at 23:40
  • pst is absolutely right. In your Rack gem code find message 'data size exceeds' and add inspect statement there. – phil pirozhkov Mar 22 '12 at 22:09
  • This has happened to me in Rails if I, by mistake, rescue an Exception and instead of storing its message to the session (by using flash()) I instead save the whole object, e.g. flash(exception.to_s) versus flash(exception). Check if you are not saving an unexpected value in a session. – edmz May 31 '12 at 20:36
  • I did not figure this out. I changed to a non cookie store for sessions in the end that will work better for me. So now I can't look at it any more. – Tom Andersen Jun 08 '12 at 15:40
  • Is the error being thrown because the set of cookies for your domain exceed 4K in total? – Jason Sperske Jun 10 '12 at 19:38

1 Answer

Fred is right. session.inspect is not going to show you the exact size of the cookie string length. You could use tcpdump to get a better idea of its size:

tcpdump -s 1500 -A host and port

Then make the request and check out the actual ascii dump of the cookie data.

lal00 is likely onto the real underlying issue

Wedge Martin
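The size check discussed in the comments and the answer, as an added example that is not part of the original thread: it compares `session.inspect` with the bytes that would be sent as the cookie value, for a flash holding an exception message versus the whole exception object. The encoding (Marshal, Base64, then a `--` plus hex HMAC-SHA1 suffix) is an assumption about how a signed cookie session of that period is built, the helper names are hypothetical, and the backtrace is constructed sample data.

```ruby
require 'openssl'

COOKIE_LIMIT = 4096 # the 4K limit named in the warning on this page

# Assumed encoding of the cookie value: Marshal -> Base64 -> "--" + hex HMAC-SHA1.
# Compare with session/cookie.rb in the Rack version you actually run.
def encoded_session(session_hash, secret)
  data = [Marshal.dump(session_hash)].pack('m')
  hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  "#{data}--#{hmac}"
end

# Report what inspect shows versus what would go over the wire.
def session_report(session_hash, secret:, key:)
  value = encoded_session(session_hash, secret)
  {
    inspect_bytes: session_hash.inspect.bytesize,
    cookie_bytes: value.bytesize,
    # The cookie name counts against the budget as well.
    fits: value.bytesize <= COOKIE_LIMIT - key.bytesize
  }
end

# Constructed sample: an exception carrying a deep backtrace, as a framework
# stack would produce. inspect prints only class and message, but Marshal
# serializes every backtrace line.
def sample_exception
  err = ArgumentError.new('bad input')
  err.set_backtrace(Array.new(150) { |i| "/srv/app/lib/handler_#{i}.rb:#{i}:in `call'" })
  err
end

if __FILE__ == $PROGRAM_NAME
  opts = { secret: 'something', key: 'my.key' } # values from the question
  err = sample_exception
  puts "message only: #{session_report({ 'flash' => err.to_s }, **opts)}"
  puts "whole object: #{session_report({ 'flash' => err }, **opts)}"
end
```

In this signed-only encoding the payload is Base64, not ciphertext, so anything stored in the session, including backtrace paths from a stored exception, is readable by the client.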