Flash message does not get cleared

Question

Using Rails 3.0.3 running in Passenger we're experiencing an issue where the last flash set is retained for every request. For example we're setting a flash message if the user needs to be logged in in a before filter:

def require_user
    unless current_user
        store_location
        flash[:notice] = "You must be logged in to access this page"
        redirect_to login_url
        return false
    end
end

However on any subsequent request after the user has logged in successfully we still get the flash message persisting, it never clears for the entire session.

In this example this is the only place we are setting this message and I have ensured that it is only being set when the user is not logged in. In fact if I put flash[:notice] = 'Test' after the unless block refreshed and then removed that line and the 'Test' flash message remains for all subsequent requests.

This is happening if you run the app in either development or production env.

Answer 1

We had a custom override for Hash#symbolize_keys! that was hanging around from some old code and it appears that when the cookie middleware is calling symbolize_keys! on the cookie it was causing the flash to be re-applied on the end of the request.

I doubt anyone else will experience this issue, but in our case this is what the problem was.

Answer 2

Flash messages are automatically cleaned up at the beginning of each request.

Are you sure, your current_user method returns nil if user is not logged in ?

What library are you using for user session management ? Devise/Authlogic or other ?