activerecord-session_store: NoMethodError: undefined method silence for Logger after 2.0.0 upgrade

If anyone else is having this issue, I forked the project and added ActiveRecord::SessionStore::Extension::LoggerSilencer back in to version 2.0.0 with the CVE fix.

That fork is located here: https://github.com/egallup02360/activerecord-session_store

Can confirm my logging works through GELF/Lograge->Graylog and the session IDs are properly secured with this fork. Obviously we would want to continue with the official repo at some point if a workaround or solution is found for this particular issue.

@jeremyburks-sikich Thanks for the pointer, that was the problem in my case! ❤️

I ran into the same issue. ActiveRecord::SessionStore::Extension::LoggerSilencer was removed in this commit

I replaced my use of ActiveRecord::SessionStore::Extension::LoggerSilencer with the following.

Rails.logger.class.include ActiveSupport::LoggerSilence

I just stop receiving my application logs.

It’s either misconfigured (LoggerSilence makes the level a per thread variable, which might impact you configuration) or GELF::Logger is incompatible with LoggerSilence. Is GELF open source? Can you repo in isolation?

Should I open a separate issue for this?

No, this isn’t a problem with activerecord-session_store, it expects a contract from ActiveRecord::Base.logger, and the logger in your app doesn’t fulfil that contract. That’s on you to figure it out.

Alternatively if you just want an easy way out, you can vendor the old ActiveRecord::SessionStore::Extension::LoggerSilencer in your app and just use that (you’ll have to rename the method though).

That’s fair, and I’m going to find my own way around this, I do appreciate your responses and suggestions. I’d just like to point out that prior to upgrading this gem, and only this gem, that logging worked perfectly for my use case.

This is just my opinion, but ripping an extension out that is documented in your README without a prior release that includes a depreciation warning is bad practice. Rails, in general, is really good about doing this, why is activerecord-session_store any different?

I understand patching the CVE was urgent, but that could have been fixed in a minor release rather than introducing almost two years worth of undocumented changes, since your last release, all at once. Again, just my opinion.

Thank you for your continued work on this project and I hope my opinions don’t offend you or come off as rude, that’s not my intention at all. We’re on Github for collaboration and sharing our opinions, after all.

@powerwlsl Maybe compare staging.rb to production.rb and see if you can isolate any differences. Not sure though, I only was having trouble in my test environment.

Not sure it helps but I have these logging related lines in my staging and production environment configs:

  # Use the lowest log level to ensure availability of diagnostic information
  # when problems arise.
  config.log_level = :debug

  # Prepend all log lines with the following tags.
  config.log_tags = [ :request_id ]
  
  # Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new

  # Use a different logger for distributed setups.
  # require 'syslog/logger'
  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')

  if ENV["RAILS_LOG_TO_STDOUT"].present?
    logger           = ActiveSupport::Logger.new(STDOUT)
    logger.formatter = config.log_formatter
    config.logger    = ActiveSupport::TaggedLogging.new(logger)
  end

In my case, I removed the config.logger = Logger.new(nil) setting in my test environment and that solved the issue without add Rails.logger.class.include ActiveSupport::LoggerSilence.

Hi, I’m having the same issue after 2.0.0 upgrade. Where should I put the following code?

Rails.logger.class.include ActiveSupport::LoggerSilence

I don’t see any ActiveRecord::SessionStore::Extension::LoggerSilencer in my repo.

You could put it in your initializer: config/initializers/session_store.rb

Thanks! That seemed to resolve things for me as well. I’m curious if this should be pulled into this gem directly? Feels weird to require changes to logging in consuming applications.