Would someone please some up theiebeasts! This is my current issue, I'm using
HTML::Mason and
Apache::Session and what I'm doing is using my session.id as a cookie value. In the autohandler of /auth_required/, I check the value of the cookie, and save an instance of
Apache::Session::Pg to that ID. (This ignores some of the given authentication steps.) Then I have $S set as a MasonGlobal and I read from a few tables in Pg into that variable, and display the information elsewhere on the site. For some reason however, the information in $S can get mixed up. I assumed *maybe wrongly* that no other thread or process could set $S, so the information stays in it until needed. In trial production environment I found that other processes when they viewed the index.html would have the sql values they requested loaded into the same global $S overwriting what else was there.
So the first question would be, are Mason globals specific to thread/process, and how can this happen? Crappy arrow diagram displays contents of thought.
$S Global is set in httpd.conf
User makes request->Autohandler reads cookie's value->Creates a tied
Apache::Session::Pg hash as %S->$S Contains a reference to %S->Hash is derefrenced and read and written to in subcomps, which transparently changes Pg's session table in a frozen column a_session.
Yet for some reason when two people are in the system the fields in the templates can be populated with someone elses $S. The first monk to identify problem gets a cookie, the first one to suggest a solution gets a jar.
Update
Perrin: Right on!.. Though your 15min too late. I always get back with the solutions on my SoPW post, so I would like to point to the problem this time: The line that currently reads
$S = \%APACHE_SESSION; read
my $S = \%APACHE_SESSION; -- stupid mistake for someone like myself to make. The last incarnation of this I passed $S via arguements, but it got
VERY messy, so i tried something else. I'm going open my session method for peer review, and so we stop getting stop questions on sessions and cookies.
As follows my mason
autohandler:
<%init>
## Verfiy we have a cookie with a _session_id
my $j = Apache2::Cookie::Jar->new($r);
my $c = $j->cookies('**COOKIE_NAME**');
unless ( defined $c ) {
module::Error::nice_error($m, 'E201');
}
## Verify we have session that matches cookies ID
my %APACHE_SESSION;
eval {
tie %APACHE_SESSION, 'Apache::Session::Postgres', $c->value, {
Handle => $dbh,
Commit => 1,
};
};
if ( $@ ) {
## No tuple with matching ID (form cookie), bogus data.
$dbh->rollback;
module::Error::nice_error($m, 'E301');
}
$S = \%APACHE_SESSION;
## Verify that the sessioned user still has an entry in the users
+table
## Save user information into $U by ref
$U = $dbh->selectrow_hashref(
q{ SELECT * FROM users WHERE pkid = ? }, {}, $APACHE_SESSION{'
+pkid'}
);
if ( defined $U ) {
delete $U->{'password'};
}
else {
$dbh->rollback;
module::Error::nice_error($m, 'E501');
}
</%init>
Evan Carroll
www.EvanCarroll.com
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.