Skip Menu |

This queue is for tickets about the Catalyst-Plugin-Session-Store-DBI CPAN distribution.

Report information
The Basics
Id: 24019
Status: open
Priority: 0/
Queue: Catalyst-Plugin-Session-Store-DBI

People
Owner: AGRUNDMA [...] cpan.org
Requestors: ryan [...] vbijl.net
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: If you have flash data, but no session data, bad things happen
Hi, I'm using the Catalyst::Plugin::Session::Store::DBI module, and I've discovered a bug, at least I think it is. If you have flash data, but no session data, then in sessions table only a 'flash:...' entry gets created. This makes sense. The problem is in get_session_data, when trying to get 'expires:...', then it looks for a session table entry with id = 'session:...'. But since we only have flash data, this search comes up empty, and causes the session to think that it has expired, and thus to be deleted. A work-around is to also include some (unused) data in the session, but this seems wrong. Thanks! -Ryan -- Ryan VanderBijl | http://vbijl.net/~ryan/
From: AGRUNDMA [...] cpan.org
More info from Ryan: ---- I just discovered it might even be worse. I am using Session::State::Cookie. I have a login page. When a user goes to the login page for the first time, a session is automatically created/assigned. However, I don't actually store any data in flash or session yet. So nothing exists in the seessions table. The next query from the user the Store::DBI doesn't find the session, and so the Plugin::Session keeps on trying to delete the session. You can see this from these logs: [catalyst] [debug] Found sessionid "c109a7374ab3b7e6e093250fe4895a4600864bf7" in cookie [catalyst] [debug] Deleting session(session expired) [catalyst] [debug] ***Root::auto User not found, forwarding to /login [catalyst] [debug] Found sessionid "c109a7374ab3b7e6e093250fe4895a4600864bf7" in cookie [catalyst] [debug] Deleting session(session expired) [catalyst] [debug] Found sessionid "c109a7374ab3b7e6e093250fe4895a4600864bf7" in cookie [catalyst] [debug] Successfully authenticated user 'ryan.vanderbijl@icthings.com'. [catalyst] [info] User login or already exists(logged in) I'm not sure why all of a sudden it decides to stop deleting the session. Why doesn't the database sessions table look like: id session_data flash_data expires It seems silly to have two rows, one for session_data and one for flash. At the very least it means that the expires column can be duplicated and that is bad database design. Just my thoughts, Thanks! -Ryan -- Ryan VanderBijl | http://vbijl.net/~ryan/