Skip Menu |

This queue is for tickets about the CGI-Application-PSGI CPAN distribution.

Report information
The Basics
Id: 54762
Status: open
Priority: 0/
Queue: CGI-Application-PSGI

People
Owner: Nobody in particular
Requestors: pshangov [...] yahoo.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.00
Fixed in: (no value)



Subject: %ENV hash empty, confuses CGI::Cookie
CGI::PSGI sets up the %ENV hash temporarily, only to let GGI.pm initialize the query object properly. But CGI::Cookie->get_raw_cookie, which is internally called by CGI::Cookie->fetch to fetch cookies from the request, directly traverses the %ENV hash to get the cookies. This breaks CGI::Application::Plugin::Authentication::Store::Cookie, which can never get hold of a cookie. CGI::Application::PSGI::run should probably do something like 'local $ENV{HTTP_COOKIE} = $env->{HTTP_COOKIE};' before calling CGI::Applicatiion::run.
CC: nicholas [...] periapt.co.uk
Subject: Re: [rt.cpan.org #54762] %ENV hash empty, confuses CGI::Cookie
Date: Thu, 18 Feb 2010 11:23:42 -0500
To: bug-CGI-Application-PSGI [...] rt.cpan.org
From: Mark Stosberg <mark [...] summersault.com>
Show quoted text
> Queue: CGI-Application-PSGI > Subject: %ENV hash empty, confuses CGI::Cookie > Broken in: 1.00 > Severity: Normal > Owner: Nobody > Requestors: pshangov@yahoo.com > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=54762 > > > > CGI::PSGI sets up the %ENV hash temporarily, only to let GGI.pm > initialize the query object properly. But CGI::Cookie->get_raw_cookie, > which is internally called by CGI::Cookie->fetch to fetch cookies from > the request, directly traverses the %ENV hash to get the cookies. This > breaks CGI::Application::Plugin::Authentication::Store::Cookie, which > can never get hold of a cookie. CGI::Application::PSGI::run should > probably do something like 'local $ENV{HTTP_COOKIE} = > $env->{HTTP_COOKIE};' before calling CGI::Applicatiion::run.
Thanks for the report. Could one solution be for this plugin to use the cookie methods via $self->query instead of calling CGI::Cookie directly? That would give users the flexibility to eventually use other cookie handlers than CGI.pm. ( I realize that this is a false choice now, as there are no other CGI.pm-compatible objects now that support PSGI. ) Mark
Subject: Re: [rt.cpan.org #54762] %ENV hash empty, confuses CGI::Cookie
Date: Thu, 18 Feb 2010 09:47:29 -0800 (PST)
To: bug-CGI-Application-PSGI [...] rt.cpan.org
From: Peter Shangov <pshangov [...] yahoo.com>
Show quoted text
----- Original Message ----
> From: "mark@summersault.com via RT" <bug-CGI-Application-PSGI@rt.cpan.org> > To: pshangov@yahoo.com > Sent: Thu, 18 February, 2010 18:24:49 > Subject: Re: [rt.cpan.org #54762] %ENV hash empty, confuses CGI::Cookie > > > >
> > Queue: CGI-Application-PSGI > > Subject: %ENV hash empty, confuses CGI::Cookie > > Broken in: 1.00 > > Severity: Normal > > Owner: Nobody > > Requestors: pshangov@yahoo.com > > Status: new > > Ticket > > > > > > CGI::PSGI sets up the %ENV hash temporarily, only to let GGI.pm > > initialize the query object properly. But CGI::Cookie->get_raw_cookie, > > which is internally called by CGI::Cookie->fetch to fetch cookies from > > the request, directly traverses the %ENV hash to get the cookies. This > > breaks CGI::Application::Plugin::Authentication::Store::Cookie, which > > can never get hold of a cookie. CGI::Application::PSGI::run should > > probably do something like 'local $ENV{HTTP_COOKIE} = > > $env->{HTTP_COOKIE};' before calling CGI::Applicatiion::run.
> > Thanks for the report. > > Could one solution be for this plugin to use the cookie methods via > $self->query instead of calling CGI::Cookie directly? > > That would give users the flexibility to eventually use other cookie > handlers than CGI.pm. > > ( I realize that this is a false choice now, as there are no other > CGI.pm-compatible objects now that support PSGI. ) > > Mark
I am not sure if such a change is easy as I am not the maintainer of CGI::Application::Plugin::Authentication, just a user. I also had I quick look at the CGI.pm code and it too seems to be calling CGI::Cookie->fetch internally to get the cookies, so using $self->query->cookie directly will probably not work either (not tested though).
Subject: Re: [rt.cpan.org #54762] %ENV hash empty, confuses CGI::Cookie
Date: Thu, 18 Feb 2010 13:03:24 -0500
To: bug-CGI-Application-PSGI [...] rt.cpan.org
From: Mark Stosberg <mark [...] summersault.com>
Show quoted text
> I am not sure if such a change is easy as I am not the maintainer of CGI::Application::Plugin::Authentication, just a user. I also had I quick look at the CGI.pm code and it too seems to be calling CGI::Cookie->fetch internally to get the cookies, so using $self->query->cookie directly will probably not work either (not tested though). >
If $self->query->cookie is used, it will work. Here the query() object is CGI::PSGI, not CGI.pm. If you look at the source of CGI::PSGI, you'll see that it redefines every method in CGI.pm so that a local copy of the environment is provided. Further, it has tests in t/cookie.t to cover that the cookie() method works as expected. In my previous reply, I copied the maintainer of the plugin, so he is in the loop. Mark
Subject: Re: [rt.cpan.org #54762] %ENV hash empty, confuses CGI::Cookie
Date: Thu, 18 Feb 2010 10:19:50 -0800
To: bug-CGI-Application-PSGI [...] rt.cpan.org
From: Tatsuhiko Miyagawa <miyagawa [...] gmail.com>
Mark has already replied but (for now) you can also take a look at other PSGI adapters like CGI::Application::Emulate::PSGI which exactly addresses this problem in a dirty (but worky) way. On Thu, Feb 18, 2010 at 7:58 AM, tupan1 via RT <bug-CGI-Application-PSGI@rt.cpan.org> wrote: Show quoted text
> Thu Feb 18 10:58:58 2010: Request 54762 was acted upon. > Transaction: Ticket created by pshangov >       Queue: CGI-Application-PSGI >     Subject: %ENV hash empty, confuses CGI::Cookie >   Broken in: 1.00 >    Severity: Normal >       Owner: Nobody >  Requestors: pshangov@yahoo.com >      Status: new >  Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=54762 > > > > CGI::PSGI sets up the %ENV hash temporarily, only to let GGI.pm > initialize the query object properly. But CGI::Cookie->get_raw_cookie, > which is internally called by CGI::Cookie->fetch to fetch cookies from > the request, directly traverses the %ENV hash to get the cookies. This > breaks CGI::Application::Plugin::Authentication::Store::Cookie, which > can never get hold of a cookie. CGI::Application::PSGI::run should > probably do something like 'local $ENV{HTTP_COOKIE} = > $env->{HTTP_COOKIE};' before calling CGI::Applicatiion::run. >
-- Tatsuhiko Miyagawa