Bug #40751 for CGI-Session: Session gets dropped when using a HTTP redirect within CGI::Application

Fri Nov 07 14:43:23 2008 axo [...] axo.com.ar - Ticket created

Subject:	Session gets dropped when using a HTTP redirect within CGI::Application
Date:	Fri, 7 Nov 2008 17:42:55 -0200
To:	bug-CGI-Session [...] rt.cpan.org
From:	Axo <axo [...] axo.com.ar>

Session gets dropped when using a HTTP redirect within CGI::Application This is driving me crazy, am I doing something wrong here? If I set a couple of session vars, call flush (or not, its the same) and redirect to another url, in the second run mode a new empty session is created although the cookie doesn't change, so I cant access any of my previous session vars. This only happens the first time for a given client. Its easier to understand looking at the code and the logfile (see below). System details: Perl, v5.8.7 built for i486-linux-gnu-thread-multi on Linux u15292264 2.6.23.16-20080211a #1 SMP $CGI::Session::VERSION = '4.38'; $CGI::Application::VERSION = '4.06'; Code to reproduce: Application.pm file: package TEST::Application; use base 'CGI::Application'; use strict; use CGI::Application::Plugin::Session; use Data::Dumper; open(STDERR, q{>>},'logfiletest'); sub cgiapp_init { my $self = shift; $self->session_config( CGI_SESSION_OPTIONS => [ "driver:File", $self->query, {Directory=>'/var/tmp'} ], SEND_COOKIE => 1, COOKIE_PARAMS => { -expires => "+1h" }, DEFAULT_EXPIRY => "1h" ); } sub cgiapp_prerun { my $self = shift; my $q = $self->query; warn "Mode: ".Dumper($q->path_info)."\n"; } sub setup { my $self = shift; $self->start_mode('index'); $self->mode_param( path_info => -1 ); $self->run_modes([qw/ index ren /]); } ####################################################################################### #### Run Modes ####################################################################################### sub index { my $self = shift; my $session = $self->session; $session->param('md5','123456'); $session->param('logged_user', 'pepe'); $session->flush(); warn "index mode session=".$session->id; my $logged_user = $self->check_session; warn "doing redir..."; $self->redir("/indextest.pl/ren"); return "index mode session=".$session->id; } sub ren { my $self = shift; my $session = $self->session; my $logged_user = $self->check_session; warn "ren logged user=".$logged_user; return "ren mode session=".$session->id; } ####################################################################################### #### Utility functions ####################################################################################### sub check_session { my $self = shift; return unless my $session = $self->session; warn "session id=".$session->id; warn "dataref=".Dumper($session->dataref()); warn "cookie =CGISESSID".$self->query->cookie('CGISESSID'); return unless $session->param('md5'); return $session->param('logged_user') if $session->param('md5'); } sub redir { my $self = shift; my $url = shift; $self->header_type('redirect'); $self->header_props(-url=>$url); return "Redirecting to $url"; } 1; indextest.pl File: #!/usr/bin/perl -w use strict; use CGI::Carp qw(fatalsToBrowser); use TEST::Application; open(STDERR, '>>logfiletest'); my $app = new TEST::Application; $app->run(); Resulting logfiletest: [Fri Nov 7 14:09:04 2008] indextest.pl: Mode: $VAR1 = ''; [Fri Nov 7 14:09:04 2008] indextest.pl: [Fri Nov 7 14:09:05 2008] indextest.pl: index mode session=8931907b0822e3696087a3797ff79fe9 at TEST/Application.pm line 52. [Fri Nov 7 14:09:05 2008] indextest.pl: session id=8931907b0822e3696087a3797ff79fe9 at TEST/Application.pm line 79. [Fri Nov 7 14:09:05 2008] indextest.pl: dataref=$VAR1 = { [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ETIME' => 3600, [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ID' => '8931907b0822e3696087a3797ff79fe9', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ATIME' => 1226084945, [Fri Nov 7 14:09:05 2008] indextest.pl: 'logged_user' => 'pepe', [Fri Nov 7 14:09:05 2008] indextest.pl: 'md5' => '123456', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_REMOTE_ADDR' => '190.18.144.128', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_CTIME' => 1226084945 [Fri Nov 7 14:09:05 2008] indextest.pl: }; [Fri Nov 7 14:09:05 2008] indextest.pl: cookie =CGISESSIDf5f4635a8899929d4649d53074d890c2 at TEST/Application.pm line 81. [Fri Nov 7 14:09:05 2008] indextest.pl: doing redir... at TEST/Application.pm line 56. [Fri Nov 7 14:09:05 2008] indextest.pl: Mode: $VAR1 = '/ren'; [Fri Nov 7 14:09:05 2008] indextest.pl: [Fri Nov 7 14:09:05 2008] indextest.pl: session id=6f5b87b3c56709591d34e2e8920654fa at TEST/Application.pm line 79. [Fri Nov 7 14:09:05 2008] indextest.pl: dataref=$VAR1 = { [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ETIME' => 3600, [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ID' => '6f5b87b3c56709591d34e2e8920654fa', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ATIME' => 1226084945, [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_REMOTE_ADDR' => '190.18.144.128', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_CTIME' => 1226084945 [Fri Nov 7 14:09:05 2008] indextest.pl: }; [Fri Nov 7 14:09:05 2008] indextest.pl: cookie =CGISESSIDf5f4635a8899929d4649d53074d890c2 at TEST/Application.pm line 81. [Fri Nov 7 14:09:05 2008] indextest.pl: Use of uninitialized value in concatenation (.) or string at TEST/Application.pm line 68. [Fri Nov 7 14:09:05 2008] indextest.pl: ren logged user= at TEST/Application.pm line 68. Steps to reproduce: 1- delete all sessions from /var/tmp 2- go to http://webserver/indextest.pl In the logfile you can see that the session id changes after the redirect even if the cookie its the same. Upon inspection of the session dir, 2 different files (sessions) where created.

Fri Nov 07 14:43:50 2008 cgi-session-user-owner [...] lists.sourceforge.net - Correspondence added

Subject:	[rt.cpan.org #40751] Session gets dropped when using a HTTP redirect within CGI::Application
Date:	Fri, 07 Nov 2008 19:43:34 +0000
To:	bug-cgi-session [...] rt.cpan.org
From:	cgi-session-user-owner [...] lists.sourceforge.net

You are not allowed to post to this mailing list, and your message has been automatically rejected. If you think that your messages are being rejected in error, contact the mailing list owner at cgi-session-user-owner@lists.sourceforge.net.

Subject:	[rt.cpan.org #40751] Session gets dropped when using a HTTP redirect within CGI::Application
Date:	Fri, 07 Nov 2008 14:43:27 -0500
To:	cgi-session-user [...] lists.sourceforge.net
From:	"Axo via RT" <bug-CGI-Session [...] rt.cpan.org>

Fri Nov 07 14:43:23 2008: Request 40751 was acted upon. Transaction: Ticket created by axo@axo.com.ar Queue: CGI-Session Subject: Session gets dropped when using a HTTP redirect within CGI::Application Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: axo@axo.com.ar Status: new Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=40751 > Session gets dropped when using a HTTP redirect within CGI::Application This is driving me crazy, am I doing something wrong here? If I set a couple of session vars, call flush (or not, its the same) and redirect to another url, in the second run mode a new empty session is created although the cookie doesn't change, so I cant access any of my previous session vars. This only happens the first time for a given client. Its easier to understand looking at the code and the logfile (see below). System details: Perl, v5.8.7 built for i486-linux-gnu-thread-multi on Linux u15292264 2.6.23.16-20080211a #1 SMP $CGI::Session::VERSION = '4.38'; $CGI::Application::VERSION = '4.06'; Code to reproduce: Application.pm file: package TEST::Application; use base 'CGI::Application'; use strict; use CGI::Application::Plugin::Session; use Data::Dumper; open(STDERR, q{>>},'logfiletest'); sub cgiapp_init { my $self = shift; $self->session_config( CGI_SESSION_OPTIONS => [ "driver:File", $self->query, {Directory=>'/var/tmp'} ], SEND_COOKIE => 1, COOKIE_PARAMS => { -expires => "+1h" }, DEFAULT_EXPIRY => "1h" ); } sub cgiapp_prerun { my $self = shift; my $q = $self->query; warn "Mode: ".Dumper($q->path_info)."\n"; } sub setup { my $self = shift; $self->start_mode('index'); $self->mode_param( path_info => -1 ); $self->run_modes([qw/ index ren /]); } ####################################################################################### #### Run Modes ####################################################################################### sub index { my $self = shift; my $session = $self->session; $session->param('md5','123456'); $session->param('logged_user', 'pepe'); $session->flush(); warn "index mode session=".$session->id; my $logged_user = $self->check_session; warn "doing redir..."; $self->redir("/indextest.pl/ren"); return "index mode session=".$session->id; } sub ren { my $self = shift; my $session = $self->session; my $logged_user = $self->check_session; warn "ren logged user=".$logged_user; return "ren mode session=".$session->id; } ####################################################################################### #### Utility functions ####################################################################################### sub check_session { my $self = shift; return unless my $session = $self->session; warn "session id=".$session->id; warn "dataref=".Dumper($session->dataref()); warn "cookie =CGISESSID".$self->query->cookie('CGISESSID'); return unless $session->param('md5'); return $session->param('logged_user') if $session->param('md5'); } sub redir { my $self = shift; my $url = shift; $self->header_type('redirect'); $self->header_props(-url=>$url); return "Redirecting to $url"; } 1; indextest.pl File: #!/usr/bin/perl -w use strict; use CGI::Carp qw(fatalsToBrowser); use TEST::Application; open(STDERR, '>>logfiletest'); my $app = new TEST::Application; $app->run(); Resulting logfiletest: [Fri Nov 7 14:09:04 2008] indextest.pl: Mode: $VAR1 = ''; [Fri Nov 7 14:09:04 2008] indextest.pl: [Fri Nov 7 14:09:05 2008] indextest.pl: index mode session=8931907b0822e3696087a3797ff79fe9 at TEST/Application.pm line 52. [Fri Nov 7 14:09:05 2008] indextest.pl: session id=8931907b0822e3696087a3797ff79fe9 at TEST/Application.pm line 79. [Fri Nov 7 14:09:05 2008] indextest.pl: dataref=$VAR1 = { [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ETIME' => 3600, [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ID' => '8931907b0822e3696087a3797ff79fe9', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ATIME' => 1226084945, [Fri Nov 7 14:09:05 2008] indextest.pl: 'logged_user' => 'pepe', [Fri Nov 7 14:09:05 2008] indextest.pl: 'md5' => '123456', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_REMOTE_ADDR' => '190.18.144.128', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_CTIME' => 1226084945 [Fri Nov 7 14:09:05 2008] indextest.pl: }; [Fri Nov 7 14:09:05 2008] indextest.pl: cookie =CGISESSIDf5f4635a8899929d4649d53074d890c2 at TEST/Application.pm line 81. [Fri Nov 7 14:09:05 2008] indextest.pl: doing redir... at TEST/Application.pm line 56. [Fri Nov 7 14:09:05 2008] indextest.pl: Mode: $VAR1 = '/ren'; [Fri Nov 7 14:09:05 2008] indextest.pl: [Fri Nov 7 14:09:05 2008] indextest.pl: session id=6f5b87b3c56709591d34e2e8920654fa at TEST/Application.pm line 79. [Fri Nov 7 14:09:05 2008] indextest.pl: dataref=$VAR1 = { [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ETIME' => 3600, [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ID' => '6f5b87b3c56709591d34e2e8920654fa', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_ATIME' => 1226084945, [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_REMOTE_ADDR' => '190.18.144.128', [Fri Nov 7 14:09:05 2008] indextest.pl: '_SESSION_CTIME' => 1226084945 [Fri Nov 7 14:09:05 2008] indextest.pl: }; [Fri Nov 7 14:09:05 2008] indextest.pl: cookie =CGISESSIDf5f4635a8899929d4649d53074d890c2 at TEST/Application.pm line 81. [Fri Nov 7 14:09:05 2008] indextest.pl: Use of uninitialized value in concatenation (.) or string at TEST/Application.pm line 68. [Fri Nov 7 14:09:05 2008] indextest.pl: ren logged user= at TEST/Application.pm line 68. Steps to reproduce: 1- delete all sessions from /var/tmp 2- go to http://webserver/indextest.pl In the logfile you can see that the session id changes after the redirect even if the cookie its the same. Upon inspection of the session dir, 2 different files (sessions) where created.

Session gets dropped when using a HTTP redirect within CGI::Application

This is driving me crazy, am I doing something wrong here?

If I set a couple of session vars, call flush (or not, its the same) and redirect to another url, in the second run mode a new empty session is created although
the cookie doesn't change, so I cant access any of my previous session vars. This only happens the first time for a given client.
Its easier to understand looking at the code and the logfile (see below).

System details:
Perl, v5.8.7 built for i486-linux-gnu-thread-multi on Linux u15292264 2.6.23.16-20080211a #1 SMP
$CGI::Session::VERSION = '4.38';
$CGI::Application::VERSION = '4.06';

Code to reproduce:

Application.pm file:

package TEST::Application;
use base 'CGI::Application';
use strict;
use CGI::Application::Plugin::Session;
use Data::Dumper;

open(STDERR, q{>>},'logfiletest');

sub cgiapp_init {
    my $self = shift;

    $self->session_config(
        CGI_SESSION_OPTIONS => [ "driver:File", $self->query, {Directory=>'/var/tmp'} ],
        SEND_COOKIE => 1,
        COOKIE_PARAMS => {
            -expires => "+1h"
        },
        DEFAULT_EXPIRY => "1h"
    );
}

sub cgiapp_prerun {
    my $self = shift;
    my $q = $self->query;

    warn "Mode: ".Dumper($q->path_info)."\n";
}

sub setup {
    my $self = shift;

    $self->start_mode('index');
    $self->mode_param( path_info => -1 );

    $self->run_modes([qw/
        index
        ren
    /]);
}

Show quoted text

#######################################################################################

#### Run Modes

#######################################################################################

sub index {
    my $self = shift;
    my $session = $self->session;

    $session->param('md5','123456');
    $session->param('logged_user', 'pepe');
    $session->flush();

    warn "index mode session=".$session->id;

    my $logged_user = $self->check_session;

    warn "doing redir...";
    $self->redir("/indextest.pl/ren");

    return "index mode session=".$session->id;
}

sub ren {
    my $self = shift;
    my $session = $self->session;

    my $logged_user = $self->check_session;

    warn "ren logged user=".$logged_user;

    return "ren mode session=".$session->id;
}

Show quoted text

#######################################################################################

#### Utility functions

#######################################################################################

sub check_session {
    my $self = shift;
    return unless my $session = $self->session;
    warn "session id=".$session->id;
    warn "dataref=".Dumper($session->dataref());
    warn "cookie =CGISESSID".$self->query->cookie('CGISESSID');

    return unless $session->param('md5');
    return $session->param('logged_user') if $session->param('md5');
}

sub redir {
    my $self = shift;
    my $url = shift;
    $self->header_type('redirect');
    $self->header_props(-url=>$url);
    return "Redirecting to $url";
}

1;

indextest.pl File:

Show quoted text

#!/usr/bin/perl -w

use strict;
use CGI::Carp qw(fatalsToBrowser);
use TEST::Application;

open(STDERR, '>>logfiletest');

my $app = new TEST::Application;

$app->run();

Resulting logfiletest:

[Fri Nov 7 14:09:04 2008] indextest.pl: Mode: $VAR1 = '';
[Fri Nov 7 14:09:04 2008] indextest.pl:
[Fri Nov 7 14:09:05 2008] indextest.pl: index mode session=8931907b0822e3696087a3797ff79fe9 at TEST/Application.pm line 52.
[Fri Nov 7 14:09:05 2008] indextest.pl: session id=8931907b0822e3696087a3797ff79fe9 at TEST/Application.pm line 79.
[Fri Nov 7 14:09:05 2008] indextest.pl: dataref=$VAR1 = {
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_ETIME' => 3600,
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_ID' => '8931907b0822e3696087a3797ff79fe9',
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_ATIME' => 1226084945,
[Fri Nov 7 14:09:05 2008] indextest.pl:           'logged_user' => 'pepe',
[Fri Nov 7 14:09:05 2008] indextest.pl:           'md5' => '123456',
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_REMOTE_ADDR' => '190.18.144.128',
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_CTIME' => 1226084945
[Fri Nov 7 14:09:05 2008] indextest.pl:         };
[Fri Nov 7 14:09:05 2008] indextest.pl: cookie =CGISESSIDf5f4635a8899929d4649d53074d890c2 at TEST/Application.pm line 81.
[Fri Nov 7 14:09:05 2008] indextest.pl: doing redir... at TEST/Application.pm line 56.
[Fri Nov 7 14:09:05 2008] indextest.pl: Mode: $VAR1 = '/ren';
[Fri Nov 7 14:09:05 2008] indextest.pl:
[Fri Nov 7 14:09:05 2008] indextest.pl: session id=6f5b87b3c56709591d34e2e8920654fa at TEST/Application.pm line 79.
[Fri Nov 7 14:09:05 2008] indextest.pl: dataref=$VAR1 = {
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_ETIME' => 3600,
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_ID' => '6f5b87b3c56709591d34e2e8920654fa',
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_ATIME' => 1226084945,
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_REMOTE_ADDR' => '190.18.144.128',
[Fri Nov 7 14:09:05 2008] indextest.pl:           '_SESSION_CTIME' => 1226084945
[Fri Nov 7 14:09:05 2008] indextest.pl:         };
[Fri Nov 7 14:09:05 2008] indextest.pl: cookie =CGISESSIDf5f4635a8899929d4649d53074d890c2 at TEST/Application.pm line 81.
[Fri Nov 7 14:09:05 2008] indextest.pl: Use of uninitialized value in concatenation (.) or string at TEST/Application.pm line 68.
[Fri Nov 7 14:09:05 2008] indextest.pl: ren logged user= at TEST/Application.pm line 68.

Steps to reproduce:
1- delete all sessions from /var/tmp
2- go to http://webserver/indextest.pl

In the logfile you can see that the session id changes after the redirect even if the cookie its the same. Upon inspection of the session dir, 2 different files (sessions) where created.

Fri Nov 07 14:43:54 2008 The RT System itself - Status changed from 'new' to 'open'

Fri Nov 07 14:57:04 2008 mark [...] summersault.com - Correspondence added

Subject:	Re: [rt.cpan.org #40751] Session gets dropped when using a HTTP redirect within CGI::Application
Date:	Fri, 7 Nov 2008 14:56:50 -0500
To:	bug-CGI-Session [...] rt.cpan.org
From:	Mark Stosberg <mark [...] summersault.com>

Show quoted text

> This is driving me crazy, am I doing something wrong here?

Axo, If you are not sure what's wrong, you should ask for help on a mailing list, the ones for CGI::Application or CGI::Session. It is not the responsibility of the maintainers to respond to all support requests. That said, using a tool like the Web Developer toolbar for Firefox to confirm which cookies are being sent back and forth at which points. Mixing cookies and redirects can be tricky. Mark

Fri Nov 07 15:10:04 2008 axo [...] axo.com.ar - Correspondence added

Subject:	Re: [rt.cpan.org #40751] Session gets dropped when using a HTTP redirect within CGI::Application
Date:	Fri, 7 Nov 2008 18:09:46 -0200
To:	bug-CGI-Session [...] rt.cpan.org
From:	Axo <axo [...] axo.com.ar>

Thanks for the quick response, if you check the logfiletest that I copied before, there is only one cookie involved and its value doesn't change. I know it´s not the responsibility of the maintainers to do anything, if I were sure what's wrong, I wouldn't be submitting a bug report without a patch ;) On Fri, Nov 7, 2008 at 5:57 PM, mark@summersault.com via RT < bug-CGI-Session@rt.cpan.org> wrote: Show quoted text

> <URL: http://rt.cpan.org/Ticket/Display.html?id=40751 > > >

> > This is driving me crazy, am I doing something wrong here?

> > Axo, > > If you are not sure what's wrong, you should ask for help on a mailing > list, > the ones for CGI::Application or CGI::Session. It is not the > responsibility > of the maintainers to respond to all support requests. > > That said, using a tool like the Web Developer toolbar for Firefox to > confirm > which cookies are being sent back and forth at which points. > > Mixing cookies and redirects can be tricky. > > Mark > > >

Wed Mar 04 22:38:42 2009 COSMICNET [...] cpan.org - Correspondence added

I've hit the same problem. Although the more I poke about this is looking like an issue with CGI.pm more than anything else. Maybe try CGI::Simple? Also send the session ID along the query string:- $self->redir("/indextest.pl/ren?CGISESSID=" . $session->id() ); That should ensure the right session is picked up. Lyle

Thu Mar 05 10:06:35 2009 MARKSTOS [...] cpan.org - Correspondence added

On Wed Mar 04 22:38:42 2009, COSMICNET wrote: Show quoted text

> I've hit the same problem. Although the more I poke about this is > looking like an issue with CGI.pm more than anything else. Maybe try > CGI::Simple? > > Also send the session ID along the query string:- > $self->redir("/indextest.pl/ren?CGISESSID=" . $session->id() ); > > That should ensure the right session is picked up.

I've run into cookie/redirect issues before, too. My best understanding is that the core issues don't have to do with which tools you use, but a core understanding of how cookies and http redirects interact, particularly this cycle: - set a cookie - redirect - check the cookie (especially when setting the cookie and redirecting are combined). I recommend watching what's happening with one of the Firefox header inspection extensions, like "LiveHTTPHeaders" or something in the Web Developer toolbar. ) I think that will help you pinpoint where something is going wrong, and then you can consider how to use or modify your tools to better handle the situation. Mark

Sun Mar 08 01:01:43 2009 RSAVAGE [...] cpan.org - Correspondence added

Hi Axo Sorry it's taken so long to get back to you. Another user of CGI::Session (Lyle) has just reported the same issue, on the CGI::Application mailing list, on 2009-03-05. The heading of his msg is '[cgiapp] Intermittent problem with sessions when redirecting'. I'm afraid this is not something CGI::Session has any control over. Here's what I replied to him: Official Guide to Programming with CGI.pm Lincoln Stein Wiley 1998 P 225 says: "All names arguments recognized by header() are also recognized by redirect(). However, most HTTP headers, including those generated by -cookie and -target, are ignored by the browser." Seems to me you've been bitten by this one. And while I think of it. I emailed Lincoln years ago about misprints in this book, and he made it clear to me he would never deal with Wiley again. He despises them for the low standard of their proof-reading. Nothing personal Axo, but we'll classify this one as 'Not a bug'.

Sun Mar 08 01:04:06 2009 RSAVAGE [...] cpan.org - Correspondence added

Hi Folks Lincoln's comments in my previous post indicate we can't patch CGI::Session to deal with this issue, so I'm reclassifying this one as Rejected.

Sun Mar 08 01:04:07 2009 RSAVAGE [...] cpan.org - Status changed from 'open' to 'rejected'

Mon Mar 09 11:07:07 2009 mark [...] summersault.com - Correspondence added

Subject:	Re: [rt.cpan.org #40751] Session gets dropped when using a HTTP redirect within CGI::Application
Date:	Mon, 9 Mar 2009 11:06:32 -0400
To:	bug-CGI-Session [...] rt.cpan.org
From:	Mark Stosberg <mark [...] summersault.com>

Show quoted text

> Official Guide to Programming with CGI.pm > Lincoln Stein > Wiley > 1998 > > P 225 says: > "All names arguments recognized by header() are also recognized by > redirect(). However, most HTTP headers, including those generated by > -cookie and -target, are ignored by the browser." > > Seems to me you've been bitten by this one. > > And while I think of it. I emailed Lincoln years ago about misprints in > this book, and he made it clear to me he would never deal with Wiley > again. He despises them for the low standard of their proof-reading. > > Nothing personal Axo, but we'll classify this one as 'Not a bug'.

Considering the number of people bitten by this over the years (including myself), I consider it a "doc bug" in CGI.pm: http://search.cpan.org/~lds/CGI.pm-3.42/CGI.pm#GENERATING_A_REDIRECTION_HEADER Lincoln has recently been receptive to doc patches I've sent him recently, especially when they directly to his e-mail address. Any volunteers to prepare a doc patch for this and e-mail it Lincoln? It should just be a few minutes more of work, given that the location to patch and the text to use are provided. Mark

Mon Mar 09 11:07:07 2009 The RT System itself - Status changed from 'rejected' to 'open'

Thu Apr 09 20:54:02 2009 MARKSTOS [...] cpan.org - Correspondence added

I'm rejecting this bug here, but I just opened a related doc-bug ticket for CGI.pm: https://rt.cpan.org/Ticket/Display.html?id=44911 Mark

Thu Apr 09 20:54:04 2009 MARKSTOS [...] cpan.org - Status changed from 'open' to 'rejected'