You seem to be making the classic mistake of storing session IDs in a global. Globals are per process so your app will only work intermittently. Use a database or Apache::Session, which provides many storage backends (again choose a database backend to be future safe).

I always use Apache2::Cookie to read/write cookies. Is there an advantage of using APR::Request::Apache2->handle?
Here's something I use:

in PerlAccessHandler:

    sub handler {
        my ($class, $ar) = @_;
        my $r = Apache2::Request->new($ar);
        # The jar holds every cookie on the request; fetch ours by name.
        my $jar = Apache2::Cookie::Jar->new($r);
        my $cookie = $jar->cookies('my-cookie');
        if ($cookie) {
            my %values = $cookie->value;
            my $session_id = $values{session_id};
            # try reading this session_id from sessions table. If yes, we're good
            # if not, it's a bad session_id..take 'em to login page?
        } else {
            # not logged in? go back to login page?
        }
    }

in Mason login handler:

    my $user_name = $r->param('user_name');
    my $pass = $r->param('password');
    # validate $user_name and $password, if good, generate a session:
    if (_validate($user_name, $pass)) {
        my $session_id = Data::GUID->new->as_string;
        # write this session_id into sessions table ...
        # create a cookie:
        my $value = [
            session_id => $session_id,
        ];
        my $cookie = Apache2::Cookie->new(
            $r,
            -name => 'my-cookie',
            -value => $value,
            -path => '/',
            -expires => '+1h',
        );
        $cookie->bake($r);
        # redirect to 'home' page.
    }

It doesn't scramble the cookie but should be easy to add.
----- Original Message ----
From: Jim Rey <[EMAIL PROTECTED]>
To: mason-users@lists.sourceforge.net
Sent: Thursday, January 25, 2007 9:56:37 AM
Subject: [Mason] Problem with consistent cookies
I am using Mason 2, Apache 2, mod_perl 2 and I have been banging my head
against a brick wall trying to get session ids to work. The code below has
been working perfectly on my development PC, but has suddenly refused to work
any longer when called remotely.
I use a global variable declared in my httpd.conf (these work perfectly)
MasonAllowGlobals %MyGlobal
PerlAddVar MasonAllowGlobals $MyDbh
PerlAddVar MasonAllowGlobals $MyDiag
In perl-HTML-Mason.conf
I have the following modules loaded at startup:
PerlOptions +GlobalRequest
PerlModule Apache2::Request
PerlSetVar MasonArgsMethod mod_perl
PerlModule Apache::DBI
PerlModule Apache2::RequestUtil
PerlModule Apache2::Cookie
PerlModule Digest::SHA1
PerlModule Digest::MD4
PerlModule Apache2::Connection
PerlModule Apache2::RequestRec
PerlModule Apache2::Request
PerlModule Apache2::Const
PerlModule APR::Table
PerlModule APR::Request
PerlModule APR::Request::Cookie
In my autohandler I have the following code for cookies/sessions (all
variables declared using strict):
    # fetch inbound cookie
    $req = APR::Request::Apache2->handle ($r);
    $cookie_in = undef;
    $jar = $req->jar;
    if ($jar) {
        $cookie_in = $jar->get("$SessionName");
        if ($cookie_in) {
            $cookie_val = "$cookie_in";
        }
    }
    # If no cookie, create it.
    if (not $cookie_in) {
        $cookie_val = Digest::SHA1::sha1_hex (time, rand, $$);
    }
    # Save cookie for login/out and basket.
    $MyGlobal{'SessionId'} = $cookie_val;
    $SessionId = $MyGlobal{'SessionId'};
    # generate new cookie
    $cookie_out = APR::Request::Cookie->new (
        $req->pool,
        name => "$SessionName",
        value => $cookie_val,
        domain => "metsys2.dev",
        expires => '+20m'
    );
    $cookie_out->version(1); # upgrade it to conform with RFC 2109/2965.
    # send a response header
    bake ($cookie_out, $r);
-----------------------------------
All I want is to generate reliable session ids.
Does anyone have any working code that I can use?
Jim Rey
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
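
Added example, not code from either poster: one way to fill in the two "sessions table" placeholders in the reply's handlers, with the session ID drawn from /dev/urandom and looked up in a table that every Apache child process shares. The table layout, the function names and the SQLite demo handle are assumptions; in the setup described in the thread the handle would be the existing DBI connection.

```perl
use strict;
use warnings;
use DBI;

# Assumed schema; table and column names are illustrative.
sub init_schema {
    my ($dbh) = @_;
    $dbh->do(q{
        CREATE TABLE IF NOT EXISTS sessions (
            session_id TEXT PRIMARY KEY,
            user_name  TEXT NOT NULL,
            expires_at INTEGER NOT NULL
        )
    });
}

# 128 bits from the kernel CSPRNG, hex-encoded (assumes a Unix-like host).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $buf, 16;
    die "short read from urandom" unless defined $got && $got == 16;
    close $fh;
    return unpack 'H*', $buf;
}

# Login handler side: store the ID server-side, hand only the ID to the cookie.
sub create_session {
    my ($dbh, $user_name, $ttl) = @_;
    my $id = new_session_id();
    $dbh->do('INSERT INTO sessions (session_id, user_name, expires_at) VALUES (?, ?, ?)',
             undef, $id, $user_name, time() + $ttl);
    return $id;
}

# Access handler side: returns the user name, or undef for a malformed,
# unknown or expired ID (caller then redirects to the login page).
sub lookup_session {
    my ($dbh, $id) = @_;
    return unless defined $id && $id =~ /\A[0-9a-f]{32}\z/;
    $dbh->do('DELETE FROM sessions WHERE expires_at <= ?', undef, time());
    my ($user) = $dbh->selectrow_array(
        'SELECT user_name FROM sessions WHERE session_id = ?', undef, $id);
    return $user;
}

# Demo only: in-memory SQLite (assumes DBD::SQLite); a real deployment needs a
# database all child processes reach. 'alice' is a constructed sample user.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
init_schema($dbh);
my $sid = create_session($dbh, 'alice', 3600);
print "known id   -> ", lookup_session($dbh, $sid) // 'rejected', "\n";
print "unknown id -> ", lookup_session($dbh, 'f' x 32) // 'rejected', "\n";
```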