Comments (14)
Hi, this issue likely happens because when silence_logger gets called in a nested context the nested call will reset the logger level before the parent call has finished and thus anything that happens in that window after the nested call returned and the parent call hasn't will have no silencing applied.
The silence_logger method should be storing the previous thread_level and restoring that instead of always assigning nil to it: https://github.com/rails/activerecord-session_store/blob/master/lib/active_record/session_store/extension/logger_silencer.rb#L49
from activerecord-session_store.
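The nesting problem described in the comment above, reproduced as an added example (not the gem's code and not part of the original thread). DemoLogger, BuggySilencer, FixedSilencer and leaked_lines are hypothetical names, and the log messages are constructed.

```ruby
require "logger"
require "stringio"

# Hypothetical stand-in for a logger with a per-thread level override.
class DemoLogger < Logger
  def thread_level
    Thread.current[:"demo_level_#{object_id}"]
  end

  def thread_level=(value)
    Thread.current[:"demo_level_#{object_id}"] = value
  end

  # Drop messages below the thread override when one is set.
  def add(severity, message = nil, progname = nil, &block)
    return true if thread_level && (severity || UNKNOWN) < thread_level
    super
  end
end

# Behaviour the comment describes: the level is always reset to nil.
module BuggySilencer
  def silence_logger(temporary_level = Logger::ERROR)
    self.thread_level = temporary_level
    yield self
  ensure
    self.thread_level = nil
  end
end

# Suggested behaviour: remember the previous level and restore it.
module FixedSilencer
  def silence_logger(temporary_level = Logger::ERROR)
    previous = thread_level
    self.thread_level = temporary_level
    yield self
  ensure
    self.thread_level = previous
  end
end

# Runs a nested silence and returns the lines that reached the log.
def leaked_lines(silencer)
  io = StringIO.new
  logger = DemoLogger.new(io).extend(silencer)
  logger.formatter = ->(_sev, _time, _prog, msg) { "#{msg}\n" }
  logger.silence_logger do
    logger.debug("outer, before nested call")        # constructed message
    logger.silence_logger { logger.debug("inner") }
    logger.debug("outer, after nested call")         # leaks with BuggySilencer
  end
  io.string.lines.map(&:chomp)
end
```

leaked_lines(BuggySilencer) returns the one outer message written after the nested call returned; leaked_lines(FixedSilencer) returns an empty array.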
- What version of the gem are you using?
- Are you overriding the value of your logger?
- Can you try the master version to see if it solves your issue?
from activerecord-session_store.
Using version 0.1.1 at master.
Using activerecord-session_store 0.1.1 from git://github.com/rails/activerecord-session_store.git (at master)
I'm not overriding the value. Not that I know of.
from activerecord-session_store.
That's weird, because that's where I push the new patch for silencing the log in. Could you paste in the output of ActiveRecord::Base.logger and ActiveRecord::Base.logger.respond_to?(:silence_logger)?
I'd love to get this fix, because having this data printed out to the log is a security concern as well.
from activerecord-session_store.
irb(main):015:0> ActiveRecord::Base.logger
=> #<ActiveSupport::Logger:0x007fb587cd6ab0 @progname=nil, @level=0, @default_formatter=#<Logger::Formatter:0x007fb587cd6a60 @datetime_format=nil>, @formatter=#<ActiveSupport::Logger::SimpleFormatter:0x007fb587bc9348 @datetime_format=nil>, @logdev=#<Logger::LogDevice:0x007fb587cd6a10 @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<File:/Users/kartikluke/Documents/autoclave/log/development.log>, @mutex=#<Logger::LogDevice::LogDeviceMutex:0x007fb587cd69e8 @mon_owner=nil, @mon_count=0, @mon_mutex=#<Mutex:0x007fb587cd6998>>>>
irb(main):016:0> ActiveRecord::Base.logger.respond_to?(:silence_logger)
=> false
from activerecord-session_store.
It seems like the module didn't get included correctly, but in that case it should have raised an exception like in #42. I'm really not sure what's going on now ...
Would you mind gisting me the log? Also, what happens if you add:
ActiveSupport::Logger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
to your initializer?
from activerecord-session_store.
@sikachu : We are using v0.1.2 and want to silence the logs. Can you please let us know in which initializer file the following line should be added?
MyLogger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
from activerecord-session_store.
@bhaveshf-cuelogic any initializer file. For example, just create a new config/initializers/activerecord-session_store.rb and put that line in there.
Let me know how it goes.
from activerecord-session_store.
@sikachu : nope, it's not working :(
ActiveRecord::Base.logger.respond_to?(:silence_logger) returns true
Following is the ActiveRecord::Base.logger object
<ActiveSupport::Logger:0x00000004e955d0 @default_formatter=#<Logger::Formatter:0x00000004e95558 @datetime_format=nil>, @formatter=#<ActiveSupport::Logger::SimpleFormatter:0x00000005064f00 @datetime_format=nil>, @level=0, @logdev= #<Logger::LogDevice:0x00000004e95508 @dev=#<File:/home/work/projects/my_app/log/development.log>, @filename=nil, @mutex=#<Logger::LogDevice::LogDeviceMutex:0x00000004e954e0 @mon_count=0, @mon_mutex=#<Mutex:0x00000004e95490>, @mon_owner=nil>, @shift_age=nil, @shift_size=nil>, @progname=nil>
from activerecord-session_store.
I am on rails 5.0.0.1, and I'm facing the same issue. I included the initializer, but it did not work.
My output is the same as @bhaveshf-cuelogic.
Before adding the initializer, my output is:
ActiveRecord::Base.logger
=> #<ActiveSupport::Logger:0x007fc9ae0496e0 @progname=nil, @level=0, @default_formatter=#<Logger::Formatter:0x007fc9ae049640 @datetime_format=nil>, @formatter=#<ActiveSupport::Logger::SimpleFormatter:0x007fc9ace58238 @datetime_format=nil>, @logdev=#<Logger::LogDevice:0x007fc9ae0495f0 @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<File:/Users/rguerreiro/Documents/Stratasphere/workspace/stratasphere/log/development.log>, @mutex=#<Logger::LogDevice::LogDeviceMutex:0x007fc9ae0495c8 @mon_owner=nil, @mon_count=0, @mon_mutex=#<Mutex:0x007fc9ae049578>>>, @local_levels=#<Concurrent::Map:0x007fc9ae049500 entries=0 default_proc=nil>, @thread_hash_level_key=:"ThreadSafeLogger#70252092345200@level">
ActiveRecord::Base.logger.respond_to?(:silence_logger)
=> true
So I don't think that the problem would be solved by adding the initializer code.
But I did it anyway, like this:
ActiveSupport::Logger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
The output was the same as before.
Any insights on how to solve this issue?
from activerecord-session_store.
Guys, looks like I have the same problem. This issue is almost 2 years old!!! Any updates how that could be fixed? Any workarounds?
from activerecord-session_store.
I was still seeing this issue on 1.1.3 - setting secure: true resolved the issue.
from activerecord-session_store.
@forrestblount where did you set secure: true?
from activerecord-session_store.
The silencer was removed in 2.0.0, and users are now expected to include ActiveSupport::LoggerSilence.
from activerecord-session_store.