Well, I only got as far as a test case that fails on this. The test is on Session::State::Cookie, but I do not believe that's where the problem is -- just where it shows up.
The issue comes up when 1) an expired session is sent in the request
and 2) the session is accessed late in the request. For example, when
implementing a "remember me" feature by overriding
calculate_session_cookie_expires().
So, it's not unexpected that this would not show up very often -- the
cookies often expire with the session. But, if you have session
cookies and someone leaves their browser open and the session expires
on the server then, as was in my case, it's impossible to log in
without removing the cookie. I suppose clock differences could
trigger it, too.
When an invalid/expired session is sent in the request what happens is
two session ids are created -- and one is used for storing the session
info, and the other is returned in the cookie. That's why it's
impossible to complete the login process.
When I wrote my test I just had this, which was enough to trigger it:

    sub calculate_session_cookie_expires {
        my $c = shift;
        $c->session;
        return $c->NEXT::calculate_session_cookie_expires;
    }

I thought I'd be smart and write it like this so I could test both with
and without the $c->session call.

    sub calculate_session_cookie_expires {
        my $c = shift;
        if ( $c->stash->{fail} ) {
            warn "I'm hit!\n";
            $c->session;
        }
        return $c->NEXT::calculate_session_cookie_expires;
    }

And that never fails. Huh. Even if the stash is set the test doesn't
fail.
Anyway, I'll attach a failing test for Session::State::Cookie. This
is all against svn.
The last time I posted a failing test it never got applied. I have
commit to some items, but I can't remember what password I sent to
mst, and what commit access I have. So, it's an attachment, instead.
--
Bill Moseley
[EMAIL PROTECTED]
session_destroyed.t
Description: Troff document
