Bad Cookie
I am using the Rails cookie store that was introduced in Ruby on Rails 2 to store my session data on finder.overcycle.com. Rails will throw an exception if the cookie data is tampered with (Rails can check if the data has been altered), and as I use the Exception Notifier plugin I got my first ‘Cookie Tampered With’ email today:
A CGI::Session::CookieStore::TamperedWithCookie occurred in account#signup:
CGI::Session::CookieStore::TamperedWithCookie
/usr/local/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session/cookie_store.rb:143:in `unmarshal'
And the cuplrit? The Alexa crawler apparently. No Alexa crawler! Bad bot!
December 2nd, 2008 at 3:16 pm
I have a site that is getting 10-15 of these errors a day. Did you ever figure out a way to stop this from happening? Is it just that the alexa bot doesn’t behave?
December 2nd, 2008 at 3:42 pm
I emailed Alexa a few times and was ignored. It is probably possible to turn off sessions for the Alexa crawler only, but right now I just delete the exception notifier emails once per day.
December 2nd, 2008 at 8:16 pm
I think that I’ve figured out what the immediate cause of the error is. It seems that Rails breaks up the session_id with new lines every 60 characters. Rails encodes this as %0A. Alexa seems to translate these new lines to \n. This is the only difference between the cookie that Alexa is returning and what we have in the session.
December 2nd, 2008 at 11:24 pm
[...] finally got round to doing something about the Alexa crawler tampering with the cookies on the Recycling Group finder after Patrick Joyce commented on my previous [...]