I got a nice surprise today when upgrading our message processing application from Rails 2.3.3 to Rails 2.3.4, to pull in some important security fixes.
/opt/ruby-enterprise-1.8.6-20090113/lib/ruby/gems/1.8/gems/rails-2.3.4/lib/initializer.rb:445:in `initialize_database_middleware': You have a nil object when you didn't expect it! (NoMethodError)
The error occurred while evaluating nil.name
from /opt/ruby-enterprise-1.8.6-20090113/lib/ruby/gems/1.8/gems/rails-2.3.4/lib/initializer.rb:182:in `process'
from /opt/ruby-enterprise-1.8.6-20090113/lib/ruby/gems/1.8/gems/rails-2.3.4/lib/initializer.rb:113:in `send'
from /opt/ruby-enterprise-1.8.6-20090113/lib/ruby/gems/1.8/gems/rails-2.3.4/lib/initializer.rb:113:in `run'
Jumping into the Rails source, I found the offending line.
if configuration.frameworks.include?(:action_controller) && ActionController::Base.session_store.name == 'ActiveRecord::SessionStore'
This code assumes that a session store is configured in your Rails app. However, this particular application has no need for a session, so we were disabling it in the configuration by specifying the following:
config.action_controller.session_store = nil
I poked around on the web for a while, trying to find another way to disable the session. No luck. It appeared that the only other way to disable the session was to properly configure a session store in your
environment.rb file, and then disable it in your
ApplicationController. That seemed lame. Why should I have to configure something that I want to disable?
So, I coded up a simple class to act as the session store for the application that simply raises an error if anybody tries to access the session.
class NilSessionStore < ActionController::Session::AbstractStore def get_session(env, sid) raise NotImplementedError, "NilSessionStore: No session configured" end def set_session(env, sid, session_data) raise NotImplementedError, "NilSessionStore: No session configured" end end
I then configured the application to use this class as the session store.
config.action_controller.session_store = :nil_session_store
Nice and simple, and it keeps me from having to configure something I never plan to use.