So I've started using the Session::State::URI plugin (with rewrite
turned off... I don't need that aspect of it), but have quickly
encountered a problem with using an externally created session key with
Catalyst::Plugin::Session... it doesn't pass validate_session_id().
The session key I receive from Facebook and attempt to use the the
session id is not alphanumeric... e.g. 1254342bc1f2af7558f5979d-728080233
I end up getting the following error:
Tried to set invalid session ID '1254342bc1f2af7558f5979d-728080233' at
/usr/share/perl5/Catalyst/Plugin/Authentication.pm line 103
Is there any way to disable the validation of session ids? Seems like
it would be a somewhat useful option for those cases (like interfacing
with Facebook), where the session ids are pre-created.
- Jim
Yuval Kogman wrote:
The code below is essentially Catalyst::Plugin::Session::State::URI
with param set to 'token'.
On Wed, May 30, 2007 at 23:00:06 -0700, Jay Buffington wrote:
I did something like this. With Session::State::Cookie the session id
comes out of the cookie. I wanted web service calls using REST to be
able to use that same session id, but pass it as a http parameter
(called token) rather than in the cookie.
With the below code catalyst will first look for the session in in a
url param like this:
http://myapp.com/foo?token=af3423e342dac987d8e0a0e
If there is no token param the NEXT will cause it to fall back to
Session::State::Cookie and look for the session id in the cookie.
*** in MyApp.pm ***
use Catalyst qw/
Session::State::Token
Session::State::Cookie
/;
*** in Catalyst/Plugin/Session/State/Token.pm ***
package Catalyst::Plugin::Session::State::Token;
use base qw/Catalyst::Plugin::Session::State/;
use strict;
use warnings;
use NEXT;
our $VERSION = "0.01";
sub get_session_id {
my $c = shift;
my $session_id = $c->request->params->{token};
if ( $session_id ) {
$c->log->debug(qq/Found sessionid "$session_id" in request
parameter/) if $c->debug;
return $session_id;
}
$c->NEXT::get_session_id(@_);
}
1;
On 5/30/07, Jim Spath <[EMAIL PROTECTED]> wrote:
I'm currently using the following plugins for session management in my
Catalyst app:
Session
Session::Store::Memcached
Session::State::Cookie
Session::DynamicExpiry
Along with the following authentication plugins:
Authentication
Authentication::Store::DBIC
Authentication::Credential::Password
It all works great on my site... however, I was looking to integrate our
app into Facebook, and to have users login to our service through Facebook.
For every request, they will be passing an parameter called fb_sig_user,
which I should be using as a session id on our side.
I was wondering if there was a way that I could override the automatic
creation of session ids with the Facebook id, while also continuing to
use my current setup for onsite users? I've looked through the docs and
searched a bit and am unclear on this.
Thanks!
Jim
_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
