You have found a Suspicious value and you wonder how it came about.


Find the source code of the constructor or initializer of the suspicious value. Set a breakpoint there. Rerun the example. (If the value is a primitive value, it's more difficult to find out where it was generated.)


In the Ruby on Rails example from Spot the differences, you found the NullSession to be suspicious. (It might be called NullSessionHash or similar. I'm lazy to reproduce it now, so stick with NullSession.) In RubyMine, you can open universal search with Shift-Shift, type in NullSession and hit Enter. This will take you to the initialize method, where you set a breakpoint

When you hit the breakpoint, nose around in the preceding code and the preceding stack frames. You find out that the CSRF token wasn't set. Voilà. Why was it not set? Because you switched from jQuery.ajax to fetch and forgot to adjust to the new tool. When debugging, Be suspicious of new tools.

Another example

(to be written properly)

Look around where an exception is raised, using pry-byebug:

> break ActiveRecord::StatementInvalid#initialize
> continue
> backtrace

The backtrace seems redundant. Don't exceptions carry a stacktrace around? Somehow not in the case I was debugging.