Skip Menu |

This queue is for tickets about the Catalyst-Plugin-Session CPAN distribution.

Report information
The Basics
Id: 41679
Status: open
Priority: 0/
Queue: Catalyst-Plugin-Session
People
Owner: bobtfish [...] bobtfish.net
Requestors: mods [...] hank.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.19
Fixed in: (no value)

History Show all quoted text
  Sat Dec 13 18:39:49 2008 mods [...] hank.org - Ticket created
http://lists.scsys.co.uk/pipermail/catalyst/2008-December/020427.html When Catalyst::Session fetches an existing session it records its "signature" which it then compares with the session data at the end of the request to decide if the session should be written. _load_session() does: $c->_session_data_sig( Object::Signature::signature($session_data) ) if $session_data; And then _save_session does this: no warnings 'uninitialized'; if ( Object::Signature::signature($session_data) ne $c->_session_data_sig ) { $session_data->{__updated} = time(); my $sid = $c->sessionid; $c->store_session_data( "session:$sid" => $session_data ); } Now, if you call $c->session and no session data is found (no session id, or no session data in store), then a fresh session hash is created. sub initialize_session_data { my $c = shift; my $now = time; return $c->_session( { __created => $now, __updated => $now, ( $c->config->{session}{verify_address} ? ( __address => $c->request->address ) : () ), } ); } Note that it is not saving the signature of this new hash. So, if you look at the session every request, for example: # See if user has selected a language preference my $language = $c->session->{language} || 'en'; Then if a session doesn't exist it will generate a new session id and at the end of the request, since there's no signature of the newly created session data, it will store the empty session. Anyone see a reason why not to create a signature of the new session? sub initialize_session_data { my $c = shift; my $now = time; my $session_data = { __created => $now, __updated => $now, ( $c->config->{session}{verify_address} ? ( __address => $c->request->address ) : () ), }; # Only save this session if data is added by the application $c->_session_data_sig( Object::Signature::signature($session_data) ); return $c->_session($session_data); }
  Thu Feb 05 10:07:00 2009 bobtfish [...] bobtfish.net - Subject changed from (no value) to 'Don't need to create a session when there is no data to store.'
  Thu Feb 05 10:07:04 2009 bobtfish [...] bobtfish.net - Taken
  Mon Jul 19 15:28:38 2010 bobtfish [...] bobtfish.net - Correspondence added
I'm not sure if I'm doing what you suggest correctly, but this appears to cause a lot of the tests to fail.. Can you have a very quick look and confirm the patch below was what you're suggesting / speculate on the test fails?
Subject: rt41679.patch
Index: lib/Catalyst/Plugin/Session.pm =================================================================== --- lib/Catalyst/Plugin/Session.pm (revision 13416) +++ lib/Catalyst/Plugin/Session.pm (working copy) @@ -499,8 +499,7 @@ my $now = time; - return $c->_session( - { + my $session_data = { __created => $now, __updated => $now, @@ -514,8 +513,12 @@ ? ( __user_agent => $c->request->user_agent||'' ) : () ), - } - ); + }; + + # Only save this session if data is added by the application + $c->_session_data_sig( Object::Signature::signature($session_data) ); + + return $c->_session($session_data); } sub generate_session_id {
  Mon Jul 19 15:28:40 2010 The RT System itself - Status changed from 'new' to 'open'