I am using the Rails cookie store that was introduced in Ruby on Rails 2 to store my session data on finder.overcycle.com. Rails will throw an exception if the cookie data is tampered with (Rails can check if the data has been altered), and as I use the Exception Notifier plugin I got my first ‘Cookie Tampered With’ email today:
A CGI::Session::CookieStore::TamperedWithCookie occurred in account#signup:
CGI::Session::CookieStore::TamperedWithCookie
/usr/local/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session/cookie_store.rb:143:in `unmarshal'
And the culprit? The Alexa crawler apparently. No, Alexa crawler! Bad bot!
I have a site that is getting 10-15 of these errors a day. Did you ever figure out a way to stop this from happening? Is it just that the Alexa bot doesn’t behave?
I emailed Alexa a few times and was ignored. It is probably possible to turn off sessions for the Alexa crawler only, but right now I just delete the exception notifier emails once per day.
I think that I’ve figured out what the immediate cause of the error is. It seems that Rails breaks up the session_id with new lines every 60 characters. Rails encodes this as %0A. Alexa seems to translate these new lines to n. This is the only difference between the cookie that Alexa is returning and what we have in the session.
[...] finally got round to doing something about the Alexa crawler tampering with the cookies on the Recycling Group finder after Patrick Joyce commented on my previous [...]
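A simplified model of the failure described in the comments above, added here as an illustration; it is not Rails' cookie_store.rb and not code from the original post. The secret, the session contents and all function names are constructed, and the newline rewrite follows the comment's description of what the crawler sends back.

```ruby
require 'openssl'
require 'uri'

# Simplified model of an HMAC-signed session cookie; not Rails' own code.
SECRET = 'constructed-example-secret'   # constructed value, not a real key
SAMPLE_SESSION = { 'user_id' => 42,     # constructed session contents
                   'return_to' => '/account/signup?group=example-recycling-group' }

class TamperedCookie < StandardError; end

def digest_for(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), SECRET, data)
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# pack('m') is Base64 with a "\n" after every 60 output characters, so any
# session longer than 45 bytes carries embedded newlines (escaped as %0A).
def write_cookie(session)
  data = [Marshal.dump(session)].pack('m').chomp
  URI.encode_www_form_component("#{data}--#{digest_for(data)}")
end

# Verify the digest first; Marshal.load only ever sees authenticated bytes.
def read_cookie(cookie)
  data, digest = URI.decode_www_form_component(cookie).split('--', 2)
  raise TamperedCookie unless digest && secure_equal?(digest, digest_for(data))
  Marshal.load(data.unpack('m').first)
end

# Models a client that rewrites the escaped newline before sending it back.
def mangle_newlines(cookie)
  cookie.gsub('%0A', 'n')
end

# One possible handling: treat an unverifiable cookie as "no session".
def session_or_reset(cookie)
  read_cookie(cookie)
rescue TamperedCookie, ArgumentError
  {}
end

if __FILE__ == $PROGRAM_NAME
  cookie = write_cookie(SAMPLE_SESSION)
  puts "intact:  #{session_or_reset(cookie).inspect}"
  puts "mangled: #{session_or_reset(mangle_newlines(cookie)).inspect}"
end
```

The signature covers the exact bytes of the encoded data, so a client that changes a single separator character produces the same exception as a deliberate forgery; the server cannot tell the two apart and should not try to repair the cookie.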