On Mon, Nov 13, 2000 at 02:19:58PM +1100, Angus Lees wrote:
> manually modifying the cookie still gives me the same taint and
> internal server error
> (i'm using Apache::Session 1.0, btw. i don't think i've mentioned that
> earlier)
found it. and it did only turn up in 1.0, not 1.5.
even though the previous validation check failed and recreate_id was
set, it was still trying to use the given session_id
Index: Embperl/Session.pm
===================================================================
RCS file: /home/cvspublic/embperl/Embperl/Session.pm,v
retrieving revision 1.10
diff -u -r1.10 Session.pm
--- Embperl/Session.pm 2000/11/10 08:23:16 1.10
+++ Embperl/Session.pm 2000/11/13 04:23:16
@@ -285,7 +285,7 @@
}
else
{
- $self->{data}->{_session_id} = $self -> generate_id() if
(!$self->{data}->{_session_id}) ;
+ $self->{data}->{_session_id} = $self -> generate_id() ;
}
}
$self->save;
--
- Gus
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
