Skip Menu |
 

This queue is for tickets about the CGI-Session CPAN distribution.

Report information
The Basics
Id: 60933
Status: open
Priority: 0/
Queue: CGI-Session

People
Owner: Nobody in particular
Requestors: xavier.robin [...] bluewin.ch
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Support for cookie path and domain
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
X-RT-Original-Encoding: utf-8
Content-Type: multipart/mixed; boundary="----------=_1283333039-11064-170"
Content-Length: 0
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 260
Download (untitled) / with headers
text/plain 260b
I need to configure the "path" of my session cookie. I'm attaching a patch to support it. The path defauts to / (as currently) but can be redefined, as the name is. I don't need it right now but support for the domain of the cookie is also added in the patch.
Subject: Session.pm.diff
MIME-Version: 1.0
Content-Type: application/octet-stream; name="Session.pm.diff"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline; filename="Session.pm.diff"
Content-Transfer-Encoding: base64
Content-Length: 3563
Download Session.pm.diff
text/x-diff 3.4k
--- /usr/lib/perl5/site_perl/5.8.8/CGI/Session.pm.old 2010-08-31 16:46:48.000000000 +0200 +++ /usr/lib/perl5/site_perl/5.8.8/CGI/Session.pm 2010-09-01 10:47:27.000000000 +0200 @@ -9,6 +9,8 @@ @CGI::Session::ISA = qw( CGI::Session::ErrorHandler ); $CGI::Session::VERSION = '4.42'; $CGI::Session::NAME = 'CGISESSID'; +$CGI::Session::PATH = '/'; +$CGI::Session::DOMAIN = undef; $CGI::Session::IP_MATCH = 0; sub STATUS_UNSET () { 1 << 0 } # denotes session that's resetted @@ -182,6 +184,34 @@ return $CGI::Session::NAME; } +sub path { + my $self = shift; + + if (ref $self) { + unless ( @_ ) { + return $self->{_PATH} || $CGI::Session::PATH; + } + return $self->{_PATH} = $_[0]; + } + + $CGI::Session::PATH = $_[0] if @_; + return $CGI::Session::PATH; +} + +sub domain { + my $self = shift; + + if (ref $self) { + unless ( @_ ) { + return $self->{_DOMAIN} || $CGI::Session::DOMAIN; + } + return $self->{_DOMAIN} = $_[0]; + } + + $CGI::Session::DOMAIN = $_[0] if @_; + return $CGI::Session::DOMAIN; +} + sub dump { my $self = shift; @@ -340,13 +370,28 @@ my $cookie= undef; if ( $self->is_expired ) { - $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -expires=> '-1d', @_ ); + if (defined $self->domain) { + $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -expires=> '-1d', -path=>$self->path, -domain=>$self->domain, @_ ); + } + else { + $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -expires=> '-1d', -path=>$self->path, @_ ); + } } elsif ( my $t = $self->expire ) { - $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -expires=> '+' . $t . 's', @_ ); + if (defined $self->domain) { + $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -expires=> '+' . $t . 's', -path=>$self->path, -domain=>$self->domain, @_ ); + } + else { + $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -expires=> '+' . $t . 's', -path=>$self->path, @_ ); + } } else { - $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, @_ ); + if (defined $self->domain) { + $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -path=>$self->path, -domain=>$self->domain, @_ ); + } + else { + $cookie = $query->cookie( -name=>$self->name, -value=>$self->id, -path=>$self->path, @_ ); + } } return $cookie; } @@ -1203,10 +1248,12 @@ It will retrieve the name of the session cookie from C<$session->name()> which defaults to C<$CGI::Session::NAME>. If you want to use a different name for your session cookie, do something like following before creating session object: CGI::Session->name("MY_SID"); + CGI::Session->path("/my_path"); + CGI::Session->path("www.example.com"); $session = CGI::Session->new(undef, $cgi, \%attrs); -Now, $session->header() uses "MY_SID" as a name for the session cookie. For all additional options that can -be passed, see the C<header()> docs in L<CGI>. +Now, $session->header() uses "MY_SID" as a name for the session cookie, with "/my_path" as cookie path and "www.example.com" as domain. +For all additional options that can be passed, see the C<header()> docs in L<CGI>. =head2 query()
From mark [...] summersault.com Wed Sep 1 09: 10:25 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-9.92 tagged_above=-99.9 required=10 tests=[AWL=0.083, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SPF_SOFTFAIL=0.596] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-11064-1283333040-1126.60933-4-0 [...] rt.cpan.org>
X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.0; i486-pc-linux-gnu)
X-Spam-Flag: NO
References: <RT-Ticket-60933 [...] rt.cpan.org> <rt-3.8.HEAD-11064-1283333040-1126.60933-4-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20100901091253.7864140b [...] summersault.com>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -9.92
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id D7009240B7E for <cpan-bug+CGI-Session [...] hipster.bestpractical.com>; Wed, 1 Sep 2010 09:10:25 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvzbJKPMHmn1 for <cpan-bug+CGI-Session [...] hipster.bestpractical.com>; Wed, 1 Sep 2010 09:10:23 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id CB69B240B0E for <bug-CGI-Session [...] rt.cpan.org>; Wed, 1 Sep 2010 09:10:22 -0400 (EDT)
Received: (qmail 31496 invoked by uid 103); 1 Sep 2010 13:13:02 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 1 Sep 2010 13:13:02 -0000
Received: from tanagra.summersault.com (HELO tanagra.summersault.com) (12.161.105.149) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Wed, 01 Sep 2010 06:12:58 -0700
Received: (qmail 34145 invoked from network); 1 Sep 2010 13:12:53 -0000
Received: from simba.summersault.com (HELO localhost) (192.168.97.182) by tanagra.summersault.com with SMTP; 1 Sep 2010 13:12:53 -0000
Delivered-To: cpan-bug+CGI-Session [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #60933] Support for cookie path and domain
Return-Path: <mark [...] summersault.com>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+CGI-Session [...] hipster.bestpractical.com
X-RT-Mail-Extension: cgi-session
Date: Wed, 1 Sep 2010 09:12:53 -0400
X-Spam-Level:
To: bug-CGI-Session [...] rt.cpan.org
Content-Transfer-Encoding: 7bit
From: Mark Stosberg <mark [...] summersault.com>
RT-Message-ID: <rt-3.8.HEAD-11063-1283346788-18.60933-0-0 [...] rt.cpan.org>
Content-Length: 1356
Download (untitled) / with headers
text/plain 1.3k
Show quoted text
> I need to configure the "path" of my session cookie. I'm attaching a > patch to support it. The path defauts to / (as currently) but can be > redefined, as the name is.
Hello Xavier, Thanks for the feedback on CGI::Session, as well as the patch. It's my opinion that CGI::Session should not do anything more with cookie management. It appears that your interest here is to set some easy defaults that are used for all your cookies. My suggestion for this to use a wrapper layer, like the CGI::Application plugin that has a section for cookie defaults: http://search.cpan.org/~ceeshek/CGI-Application-Plugin-Session-1.03/lib/CGI/Application/Plugin/Session.pm#session_config ( This is what I do myself to achieve the same goal. ) Or make your own tiny subclass that overrides the new, header() or cookie methods (whichever you need) so that your values are always set. Just drop in your new method and call $self->SUPER::header() (or whatever) in your method, so that you only have add the small additional bits you need, instead of rewriting a whole method. In any case, I don't think we would add any more global variables in the $CGI::Session:: name space. Those are no longer considered a best practice. I could be pursued otherwise if you wanted to discuss the topic on the mailing list and gather support from some other users. Mark


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.