Cees Hek wrote:
> 
> On Mon, 26 Mar 2001, Christopher L. Everett,,, wrote:
> 
> > Apache::Session::MySQL won't save session state.
> > Apache::Session::File returns the following error:
> >
> > Insecure dependency in open while running with -T switch at
> > /usr/local/lib/perl5/site_perl/5.6.0/Apache/Session/Lock/File.pm
> > line 40.
> 
> Well, line 40 of Apache/Session/Lock/File.pm contains the following bit of
> code:
> 
> 
> open($fh,"+>".$LockDirectory."/Apache-Session-".$session->{data}->{_session_id}.".lock")
>         || die $!;
> 
> So perl is telling you that one of the variables being used in the open
> command is Tainted (you are running perl in Taint mode with the -T
> switch turned on).  I'm guessing it is probably
> $session->{data}->{_session_id}, which is really just the $session_id
> variable that you pulled out of a Cookie in your code below (and
> cookies are automatically tainted since they come from the user).  You will
> have to untaint the $session_id variable before you pass it to
> Apache::Session, and this error message should go away.  See the perl
> manpages on how to untaint variables...
> 

Aargh! struck by the blindingly obvious again. I have got to stop 
posting in the early morning ...  I also figured out the next day 
why Apache::Session::MySQL didn't work right, when I investigated
the nature of tied variables a little more closely.  undef'ing the
variable at the end of get_session and re-tying %session at the
beginning of put_or_del_session, plus shuffling some code around 
in get_session pretty well solved that problem.  Seemed to me you
can't do something like:

  tie %session, 'Apache::Session::MySQL', undef, \%attrs;
  $self->{session} = %session;

and then later on do

  %session = $self->{session}

  --Christopher
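
The untainting step suggested in the quoted reply, as an added example that is not code from either poster or from Apache::Session. It assumes session ids are the 32 lowercase hex characters of Apache::Session's default MD5 generator; `untaint_session_id` is a hypothetical helper name. Run it with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: ids are 32 lowercase hex characters (default MD5 generator).
# Adjust the pattern if a different generator or length is configured.
sub untaint_session_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    # A regex capture is how Perl clears taint. Anchoring with \A and \z and
    # allowing only hex digits keeps "/", ".." and NUL bytes out of the
    # lock-file path that Lock/File.pm builds from the id.
    return $raw =~ /\A([0-9a-f]{32})\z/ ? $1 : undef;
}

# Constructed sample input. Appending a zero-length tainted string makes the
# literals behave like values read from a cookie when run under -T.
my $taint   = substr("$0$^X", 0, 0);
my @cookies = (
    'd41d8cd98f00b204e9800998ecf8427e' . $taint,        # well-formed id
    '../../../tmp/x' . $taint,                          # contains path characters
    'd41d8cd98f00b204e9800998ecf8427e.lock' . $taint,   # trailing junk
);

for my $cookie (@cookies) {
    my $id = untaint_session_id($cookie);
    my $result = defined $id
        ? 'accepted, tainted=' . (tainted($id) ? 1 : 0)
        : 'rejected, start a new session';
    printf "%-40s tainted=%d -> %s\n",
        $cookie, (tainted($cookie) ? 1 : 0), $result;
    # A rejected id is passed on as undef, which asks Apache::Session
    # to create a fresh session instead of opening an attacker-chosen path:
    #   tie my %session, 'Apache::Session::File', $id, \%attrs;
}
```

The capture should match the whole expected format; a pattern such as `/(.*)/` clears the taint flag without validating anything.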
