CGI::Session is very handy, but when running under mod_perl, possible clobbering of data can occur, because you can have many different in-memory copies (in different interpreters) that all reference the same session ID on disk, but aren't in sync. This is especially true in race-type conditions. The DESTROY method of the objects performs a flush to disk which can be confounding, and which I would like to prevent.

For example:

  1. Bob comes to mod_perlish site and gets a cookie with his session ID.
  2. Bob tries to view a users-only page, but is negged because his CGI::Session does not list him as authorized.
  3. Bob logs in, and his CGI::Session now lists him as authorized.
  4. Bob is confused because at some point in the future he seems arbitrarily to be kicked out of the site.

What happened to Bob? The CGI::Session object from his earlier, unauthorized page view, got DESTROY'ed. When it was destroyed, the information in it was flushed to disk, clobbering the disk version of his session and therefore showing him as unauthorized.

What the programmer should do is make sure that as the last part of each request, the CGI::Session object is flushed and closed. However, 1. anomalous things happen that can sometimes prevent normal cleanup / teardown in applications, and 2. really long request times (think major db calls) might result in a second request before the first one is done and cleanup run. Plus, programmers are Lazy.

So, what I believe would help this is to be able to override the DESTROY method for existing objects without changing the source -- essentially, prevent them from running DESTROY, so that they don't flush to disk without my explicit approval.
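An added example, not part of the original post and not CGI::Session's own code: it reproduces the Bob scenario with a stand-in session class, then repeats it with a subclass whose DESTROY never writes. `ToySession`, `GuardedSession`, `run_scenario` and the `%DISK` hash are hypothetical names, and the store is a constructed in-memory hash rather than real session files.

```perl
use strict;
use warnings;

# Constructed stand-in for the on-disk session store, keyed by session ID.
my %DISK = ( sid1 => { authorized => 0 } );

package ToySession {    # hypothetical class; mimics flush-on-DESTROY only
    sub load {
        my ( $class, $sid ) = @_;
        return bless { sid => $sid, data => { %{ $DISK{$sid} } }, dirty => 0 }, $class;
    }
    sub param {
        my ( $self, $key, @val ) = @_;
        if (@val) { $self->{data}{$key} = $val[0]; $self->{dirty} = 1 }
        return $self->{data}{$key};
    }
    sub flush {
        my ($self) = @_;
        $DISK{ $self->{sid} } = { %{ $self->{data} } };
        $self->{dirty} = 0;
    }
    sub DESTROY { $_[0]->flush }    # unconditional write-back: the behaviour at issue
}

package GuardedSession {    # same object, but DESTROY never writes
    our @ISA = ('ToySession');
    sub DESTROY {
        my ($self) = @_;
        warn "session $self->{sid} dropped with unflushed changes\n" if $self->{dirty};
    }
}

package main;

sub run_scenario {
    my ($class) = @_;
    %DISK = ( sid1 => { authorized => 0 } );
    my $stale = $class->load('sid1');    # interpreter A: Bob's first, unauthorized view
    my $login = $class->load('sid1');    # interpreter B: Bob logs in
    $login->param( authorized => 1 );
    $login->flush;                       # explicit end-of-request flush
    undef $login;
    undef $stale;                        # A's old copy is finally destroyed
    return $DISK{sid1}{authorized};
}

printf "%-15s authorized on disk after stale DESTROY: %d\n", $_, run_scenario($_)
    for qw(ToySession GuardedSession);
```

With `ToySession` the stale copy's DESTROY writes `authorized => 0` back over the login; with `GuardedSession` only the explicit `flush` reaches the store, and a copy dropped with unsaved changes is reported instead of written.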


In reply to Judiciously avoiding DESTROY method for CGI::Session clobber prevention by rlucas
