Matt S Trout wrote:
> On Mon, Jun 04, 2007 at 11:44:50AM -0400, Jim Spath wrote:
>> Is there any way to disable the validation of session ids? Seems like
>> it would be a somewhat useful option for those cases (like interfacing
>> with Facebook), where the session ids are pre-created.
>
> sub validate_session_id { 1 }
>
> might work. But don't blame me if it breaks something :)

I have a working Facebook state plugin now. It overrides
get_session_id, generate_session_id, and validate_session_id.

One gotcha I found was that since Facebook always passes a session key
with its users, my get_session_id() was always returning a session key.
This was a problem when I needed to log users in and create a new
session, because Catalyst was behaving as if it already had a session,
and wouldn't create a new one.

My solution was to use a hidden field on Facebook logins called
fcbk_login. get_session_id() checks for this request parameter, and if
it is present, will not return the Facebook session key. I don't really
like this solution as it requires a particular parameter to be in the
login form template, but I couldn't think of a better way to deal with it.

Here's the module in its current state, feedback would be welcome...

====
package Catalyst::Plugin::Session::State::FcbkToken;
use base qw/Catalyst::Plugin::Session::State/;

use strict;
use warnings;
use NEXT;

our $VERSION = "0.01";

sub get_session_id {
    my $c = shift;    # shift, so @_ passed on to NEXT does not repeat $c

    # get facebook session id from parameter unless user is
    # trying to login
    if (!$c->request->param('fcbk_login') &&
        (my $sid = $c->request->param('fb_sig_session_key'))) {
        # indicates that we used a facebook session key
        $c->stash->{'fcbk_token_found'} = 1;
        $c->log->debug(qq/Found facebook session key "$sid"/) if $c->debug;
        return $sid;
    }

    # no facebook key used: defer to the next state plugin
    $c->NEXT::get_session_id(@_);
}

sub validate_session_id {
    my $c = shift;
    my ($sid) = @_;

    # properly validate facebook session ids
    if ($c->stash->{'fcbk_token_found'}) {
        return $sid && $sid =~ /^[-a-f\d]+$/i;
    }

    # @_ now holds only $sid, so the default check sees the id itself
    $c->NEXT::validate_session_id(@_);
}

sub generate_session_id {
    my $c = shift;

    if (my $sid = $c->request->param('fb_sig_session_key')) {
        $c->log->debug(qq/Created sessionid using facebook session key "$sid"/)
            if $c->debug;
        return $sid;
    }

    $c->NEXT::generate_session_id(@_);
}

1;
====
Thanks for the help everyone!
- Jim
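
An added example, not part of Jim's post or of the Catalyst project: the plugin above takes fb_sig_session_key straight from the request and uses it as the session id, so one check it could make first is that the request really carries Facebook's signature. It assumes the legacy canvas signing scheme (fb_sig is the MD5 of the sorted fb_sig_* pairs followed by the application secret); the helper names, the secret and the parameter values are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Assumed legacy scheme: every fb_sig_* parameter, prefix stripped, written
# as "name=value", sorted by name, concatenated, then the app secret appended.
sub expected_fb_sig {
    my ($params, $secret) = @_;
    my %signed = map  { (substr($_, 7) => $params->{$_}) }
                 grep { /^fb_sig_/ } keys %$params;   # skips fb_sig itself
    return md5_hex(join('', map { "$_=$signed{$_}" } sort keys %signed) . $secret);
}

# Hypothetical helper: hand back the session key only when the signature
# matches; otherwise return nothing so the caller can fall through to NEXT.
sub trusted_fb_session_key {
    my ($params, $secret) = @_;
    my $given = $params->{fb_sig};
    return unless defined $given && $given =~ /^[0-9a-f]{32}$/;

    # Compare all 32 characters without stopping at the first mismatch.
    my $want = expected_fb_sig($params, $secret);
    my $diff = 0;
    $diff |= ord(substr($given, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 31;
    return unless $diff == 0;

    # Same character check the plugin applies to facebook session ids.
    my $sid = $params->{fb_sig_session_key};
    return (defined $sid && $sid =~ /^[-a-f\d]+$/i) ? $sid : undef;
}

# Constructed sample request, signed with a constructed secret.
my $secret = 'constructed-app-secret';
my %req = (
    fb_sig_session_key => '0123abcd-4567',
    fb_sig_user        => '1000',
    fb_sig_time        => '1180971890.5',
);
$req{fb_sig} = expected_fb_sig(\%req, $secret);
print "signed:   ", trusted_fb_session_key(\%req, $secret) // 'rejected', "\n";

# Session key changed after signing: the signature no longer matches.
$req{fb_sig_session_key} = 'deadbeef-0000';
print "modified: ", trusted_fb_session_key(\%req, $secret) // 'rejected', "\n";
```

In the plugin, get_session_id and generate_session_id would call such a helper with `$c->request->params` instead of reading fb_sig_session_key directly.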