Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 65492
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: Nobody in particular
Requestors: trevor.phillips [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: CGI::Fast first-request Environment showing up in later requests
Download (untitled) / with headers
text/plain 1.9k
The first request to a CGI::Fast daemon is recording certain environment variables, and later requests are getting these as defaults if none are defined. The two which have affected me are HTTP_COOKIE, and PATH_INFO. If the first request has no value, then all subsequent requests are fine. However, if the first request has values, then these become defaults for future requests which otherwise would have no value. I've tested it both with dynamically starting FastCGIs, and with pre- initialised ones via FastCGIServer, and both exhibit the same behaviour. I've attached a test FastCGI script (test1) which illustrates the problem. If you access it from a browser which has a cookie within the path, or use an extra path, and then access it from a different browser with no cookie/path, you get the cookie/path showing up. This is a pretty big problem for apps which use a cookie to track a session for authentication. If a pre-existing user accesses the app, then their session cookie gets saved as the default, and subsequent anonymous requests show up as authenticated to that user. There may also be other env vars suffering the same issue, but these were the two key ones that are impacting my apps. As some further tests, I tested using just FCGI by itself (see test2). It did not show the problem. I then used a FCGI main loop, but using CGI internally (ie; not using CGI::Fast) (see test3), and it also did not show the problem. I copied CGI/Fast.pm, and found that if I added: $Ext_Request = FCGI::Request(); ...to BEGIN, if there's no FCGI_SOCKET_PATH, then using CGI::Fast works fine. ie; BEGIN { # ... if ($ENV{FCGI_SOCKET_PATH}) { # ... } else { $Ext_Request = FCGI::Request(); } } It seems that using one request, rather than just calling FCGI::accept(), works properly. Before I pinpointed the issue, I updated my CGI perl libs from CPAN, so am using 3.52. The FCGI lib is 0.7.1. The server runs Debian Linux 5.0.6, with kernel 2.6.31.5. Perl is version 5.10.0.
Subject: test1
Download test1
text/plain 1.2k
#!/usr/bin/perl # Test using CGI::Fast, illustrating problem with bleed of Cookie & Path Info. use CGI::Fast; use CGI::Cookie; %Initial = (); while (($key, $val) = each %ENV) { $Initial{$key} = $val; } $Count = 0; while ($q = CGI::Fast->new()) { $Count++; print $q->header(); print "<h4>Current ENV Vars:</h4>\n<dl>".join('',map { '<dt>'.$_.'</dt><dd>'.$ENV{$_}.'</dd>' } qw(REMOTE_ADDR HTTP_COOKIE PATH_INFO QUERY_STRING))."</dl>\n"; print "<h4>Via CGI Methods:</h4>\n<dl>". '<dt>remote_addr</dt><dd>'.$q->remote_addr."</dd>\n". '<dt>raw_cookie</dt><dd>'.$q->raw_cookie."</dd>\n". '<dt>path_info</dt><dd>'.$q->path_info."</dd>\n". '<dt>query_string</dt><dd>'.$q->query_string."</dd>\n". "</dl>"; print <<STOP; <h4>Other</h4> <dl> <dt>Process</dt><dd>$$</dd> <dt>Counter</dt><dd>$Count</dd> </dl> <h4>Versions</h4> <dl> <dt>CGI</dt><dd>$CGI::VERSION</dd> <dt>CGI::Fast</dt><dd>$CGI::Fast::VERSION</dd> <dt>CGI::Cookie</dt><dd>$CGI::Cookie::VERSION</dd> <dt>FCGI</dt><dd>$FCGI::VERSION</dd> </dl> STOP print "<h4>Initial ENV Vars:</h4>\n<dl>".join('',map { '<dt>'.$_.'</dt><dd>'.$Initial{$_}.'</dd>' } qw(REMOTE_ADDR HTTP_COOKIE PATH_INFO QUERY_STRING))."</dl>\n"; }
Subject: test3
Download test3
text/plain 1.3k
#!/usr/bin/perl # Test using FCGI for the main loop, but CGI internally. # This seems to NOT have the problem that CGI::Fast has. use FCGI; use CGI; %Initial = (); while (($key, $val) = each %ENV) { $Initial{$key} = $val; } my $request = FCGI::Request(); $Count = 0; while ($request->Accept() >= 0) { $Count++; my $q = CGI->new(); print $q->header(); # print "Content-type: text/html\n\n"; print "<h4>Current ENV Vars:</h4>\n<dl>".join('',map { '<dt>'.$_.'</dt><dd>'.$ENV{$_}.'</dd>' } qw(REMOTE_ADDR HTTP_COOKIE PATH_INFO QUERY_STRING))."</dl>\n"; print "<h4>Via CGI Methods:</h4>\n<dl>". '<dt>remote_addr</dt><dd>'.$q->remote_addr."</dd>\n". '<dt>raw_cookie</dt><dd>'.$q->raw_cookie."</dd>\n". '<dt>path_info</dt><dd>'.$q->path_info."</dd>\n". '<dt>query_string</dt><dd>'.$q->query_string."</dd>\n". "</dl>"; print <<STOP; <h4>Other</h4> <dl> <dt>Process</dt><dd>$$</dd> <dt>Counter</dt><dd>$Count</dd> </dl> <h4>Versions</h4> <dl> <dt>CGI</dt><dd>$CGI::VERSION</dd> <dt>CGI::Fast</dt><dd>$CGI::Fast::VERSION</dd> <dt>CGI::Cookie</dt><dd>$CGI::Cookie::VERSION</dd> <dt>FCGI</dt><dd>$FCGI::VERSION</dd> </dl> STOP print "<h4>Initial ENV Vars:</h4>\n<dl>".join('',map { '<dt>'.$_.'</dt><dd>'.$Initial{$_}.'</dd>' } qw(REMOTE_ADDR HTTP_COOKIE PATH_INFO QUERY_STRING))."</dl>\n"; }
Subject: test2
Download test2
text/plain 822b
#!/usr/bin/perl # Test using just FCGI, to check the problem isn't related to FCGI. use FCGI; %Initial = (); while (($key, $val) = each %ENV) { $Initial{$key} = $val; } my $request = FCGI::Request(); $Count = 0; while ($request->Accept() >= 0) { $Count++; print "Content-type: text/html\n\n"; print "<h4>Current ENV Vars:</h4>\n<dl>".join('',map { '<dt>'.$_.'</dt><dd>'.$ENV{$_}.'</dd>' } qw(REMOTE_ADDR HTTP_COOKIE PATH_INFO QUERY_STRING))."</dl>\n"; print <<STOP; <h4>Other</h4> <dl> <dt>Process</dt><dd>$$</dd> <dt>Counter</dt><dd>$Count</dd> </dl> <h4>Versions</h4> <dl> <dt>FCGI</dt><dd>$FCGI::VERSION</dd> </dl> STOP print "<h4>Initial ENV Vars:</h4>\n<dl>".join('',map { '<dt>'.$_.'</dt><dd>'.$Initial{$_}.'</dd>' } qw(REMOTE_ADDR HTTP_COOKIE PATH_INFO QUERY_STRING))."</dl>\n"; }
Download (untitled) / with headers
text/plain 240b
This issue has been copied to: https://github.com/leejo/CGI.pm/issues/80 please take all future correspondence there. This ticket will remain open but please do not reply here. This ticket will be closed when the github issue is dealt with.
Download (untitled) / with headers
text/plain 259b
I have added a test and cannot replicate this issue: https://github.com/leejo/cgi-fast/commit/ffd81bc38c1baa1eb9c749831b9c9ed5cec7d103 It has probably been fixed by recent changes to CGI::Fast. Please re-open with an appropriate test case if issue persists.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.