Skip Menu |
 

This queue is for tickets about the CGI-Session CPAN distribution.

Report information
The Basics
Id: 29138
Status: resolved
Priority: 0/
Queue: CGI-Session

People
Owner: MARKSTOS [...] cpan.org
Requestors: nick [...] andrews-consultancy.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: New bug report for CGI::Session
Date: Mon, 3 Sep 2007 19:01:30 +0100
To: <bug-CGI-Session [...] rt.cpan.org>
From: "Nick Andrews" <nick [...] andrews-consultancy.com>
Download (untitled) / with headers
text/plain 1.1k
Hi Mark, I believe I've found a new bug in CGI::Session (v4.20). I have been able to replicate this issue reliably across platforms (Win and Unix) and have identified the cause of the problem and a proposed fix. The issue arises as follows: - You're using -ip_match - You have an existing session - Your IP has changed since your last session Here's my analysis of what happens next: - Browser presents session ID in the cookie - Call to new() detects that the IP doesn't match, deletes session, creates a new one - The new session thus created in this scenario is always *missing* the _SESSION_REMOTE_ADDR parameter. This is where the bug lies. - For this reason all subsequent requests then follow the same pattern: IP doesn't match (because there now isn't one in the session), a new session is created (again without an IP), and the result is a broken session which never 'sticks'. Looking at the code I believe this is fixed by the addition of the following 1 extra line after line 82: $dataref->{_SESSION_REMOTE_ADDR} = $ENV{REMOTE_ADDR} || ""; I hope that my analysis is correct, and that this will enable the posting of a corrected version of the module. Best wishes, Nick Andrews
From: bf.mbox [...] gmail.com
Download (untitled) / with headers
text/plain 786b
Nick, Could you please be specific as to which file you are fixing? I am having similar problems and do not see a follow up to this report. (A context diff would be useful) Another case to consider is when a browser has been closed and the session cookie is deleted, then the browser is restarted and CGI::Session does not have a session id cookie. Thanks, Barry Friedman On Mon Sep 03 14:13:42 2007, nick@andrews-consultancy.com wrote: Show quoted text
> > Looking at the code I believe this is fixed by the addition of the > following 1 extra line > after line 82: > > $dataref->{_SESSION_REMOTE_ADDR} = $ENV{REMOTE_ADDR} || ""; > > I hope that my analysis is correct, and that this will enable the > posting of > a corrected version of the module. > > Best wishes, > Nick Andrews >
CC: cgi-session-user [...] lists.sf.net
Subject: Re: [rt.cpan.org #29138] New bug report for CGI::Session
Date: Mon, 18 Feb 2008 10:14:27 -0500
To: bug-CGI-Session [...] rt.cpan.org
From: Mark Stosberg <mark [...] summersault.com>
Download (untitled) / with headers
text/plain 1.5k
This change looks OK to me. However, I'm about to have a baby any day (hour?) now, so if someone else could update the code, tests and changelog for this, that would be appreciated. (Antirice, still there?) Just post a patch in "diff -u" format as an attachment to this bug report, or commit directly if you have access. Mark Barry Friedman via RT wrote: Show quoted text
> Queue: CGI-Session > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=29138 > > > Nick, > > Could you please be specific as to which file you are fixing? > I am having similar problems and do not see a follow up to this > report. (A context diff would be useful) > > Another case to consider is when a browser has been closed and the > session cookie is deleted, then the browser is restarted and > CGI::Session does not have a session id cookie. > > Thanks, > Barry Friedman > > On Mon Sep 03 14:13:42 2007, nick@andrews-consultancy.com wrote:
>> >> Looking at the code I believe this is fixed by the addition of the >> following 1 extra line >> after line 82: >> >> $dataref->{_SESSION_REMOTE_ADDR} = $ENV{REMOTE_ADDR} || ""; >> >> I hope that my analysis is correct, and that this will enable the >> posting of >> a corrected version of the module. >> >> Best wishes, >> Nick Andrews >>
> > >
-- . . . . . . . . . . . . . . . . . . . . . . . . . . . Mark Stosberg Principal Developer mark@summersault.com Summersault, LLC 765-939-9301 ext 202 database driven websites . . . . . http://www.summersault.com/ . . . . . . . .
Ron Savage said this resolved in our code repository now. Mark


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.