Bad Cookie

I am using the Rails cookie store that was introduced in Ruby on Rails 2 to store my session data on finder.overcycle.com. Rails will throw an exception if the cookie data is tampered with (Rails can check if the data has been altered), and as I use the Exception Notifier plugin I got my first ‘Cookie Tampered With’ email today:

A CGI::Session::CookieStore::TamperedWithCookie occurred in account#signup:
CGI::Session::CookieStore::TamperedWithCookie
/usr/local/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session/cookie_store.rb:143:in `unmarshal'

And the culprit? The Alexa crawler apparently. No Alexa crawler! Bad bot!

4 thoughts on “Bad Cookie”

  1. I have a site that is getting 10-15 of these errors a day. Did you ever figure out a way to stop this from happening? Is it just that the alexa bot doesn’t behave?

  2. Will says:

    I emailed Alexa a few times and was ignored. It is probably possible to turn off sessions for the Alexa crawler only, but right now I just delete the exception notifier emails once per day.

  3. I think that I’ve figured out what the immediate cause of the error is. It seems that Rails breaks up the session_id with new lines every 60 characters. Rails encodes this as %0A. Alexa seems to translate these new lines to n. This is the only difference between the cookie that Alexa is returning and what we have in the session.

  4. [...] finally got round to doing something about the Alexa crawler tampering with the cookies on the Recycling Group finder after Patrick Joyce commented on my previous [...]
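
The failure described in comment 3, as an added example that is not part of the original post or comments and is not Rails' own code: a simplified model of a signed cookie store in which the Base64 payload is wrapped every 60 characters, so a client that rewrites the `%0A` sequences invalidates the digest. The method names, the key, the sample session, the SHA256 digest and the `mangle_newlines` client model are assumptions made for illustration.

```ruby
require 'openssl'
require 'uri'

SECRET = 'constructed-demo-secret' # constructed sample key
SAMPLE = { 'user_id' => 42, 'flash' => 'Thanks for signing up, your account is ready' } # constructed

class TamperedCookie < StandardError; end

def digest(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, data)
end

# Constant-time comparison so the check does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# wrap: true  -> pack('m') inserts "\n" after every 60 encoded characters
# wrap: false -> pack('m0') emits one unbroken line
def encode_cookie(session, wrap: true)
  data = [Marshal.dump(session)].pack(wrap ? 'm' : 'm0').chomp
  URI.encode_www_form_component("#{data}--#{digest(data)}")
end

def decode_cookie(cookie)
  data, mac = URI.decode_www_form_component(cookie).split('--', 2)
  raise TamperedCookie unless mac && secure_equal?(mac, digest(data))
  Marshal.load(data.unpack1('m')) # only reached after the MAC verifies
end

# Hypothetical client that rewrites the encoded newlines, replacing each
# "%0A" with the letter "n" as comment 3 reads (an assumption of this model).
def mangle_newlines(cookie)
  cookie.gsub('%0A', 'n')
end

# True if the session still decodes after a round trip through that client.
def survives_client?(session, wrap:)
  decode_cookie(mangle_newlines(encode_cookie(session, wrap: wrap))) == session
rescue TamperedCookie
  false
end

if __FILE__ == $PROGRAM_NAME
  puts "wrapped payload survives:   #{survives_client?(SAMPLE, wrap: true)}"
  puts "unwrapped payload survives: #{survives_client?(SAMPLE, wrap: false)}"
end
```

The integrity check is doing its job in both cases: the wrapped cookie fails only because the bytes that come back differ from the bytes that were signed, which is why an unwrapped encoding removes the false positives without weakening the check.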
