Skip Menu |

This queue is for tickets about the Apache2-AuthCookieDBI CPAN distribution.

Report information
The Basics
Id: 57906
Status: resolved
Worked: 3 hours (180 min)
Priority: 0/
Queue: Apache2-AuthCookieDBI
People
Owner: matisse [...] spamcop.net
Requestors: ccolumbu [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: 2.13

History Show all quoted text
  Thu May 27 11:42:56 2010 ccolumbu [...] gmail.com - Ticket created
Subject: statement handle still Active
I was getting some errors like this: prepare_cached(SELECT passwd_crypt FROM users WHERE username = ? ) statement handle DBI::st=HASH(0x2b26f9f6e140) still Active at /usr/lib/perl5/site_perl/5.8.8/Apache2/AuthCookieDBI.pm line 537 AND prepare_cached(SELECT username FROM users WHERE usergroup = ? AND username = ? ) statement handle DBI::st=HASH(0x2af747b1fc10) still Active at /usr/lib/perl5/site_perl/5.8.8/Apache2/AuthCookieDBI.pm line 894
  Fri May 28 18:50:00 2010 matisse [...] spamcop.net - Taken
  Fri May 28 18:51:10 2010 matisse [...] spamcop.net - Status changed from 'new' to 'open'
  Sun Aug 01 16:09:43 2010 matisse [...] spamcop.net - Correspondence added
Chad - I don't see your proposed patch attached here. I know we went back and forth in email a few times in late May and early June - I was hoping you would attach the latest version of you proposed changes here.
  Sun Aug 01 16:09:44 2010 matisse [...] spamcop.net - Status changed from 'open' to 'stalled'
  Sun Aug 01 17:48:49 2010 ccolumbu [...] gmail.com - Correspondence added
From: ccolumbu [...] gmail.com
On Sun Aug 01 16:09:43 2010, MATISSE wrote: Show quoted text
> Chad - I don't see your proposed patch attached here. I know we went > back and forth in email a few times in late May and early June - I was > hoping you would attach the latest version of you proposed changes here.
Attached are all my changes to support: 1. The password check is now 100%. (it used to just let you in if the password field was blank, no matter what you typed in as a password) 2. Add optional logging to MySQL instead of just to http log. It logs all successful logins, failed logins (and why it failed) 3. Added a "user is active" flag which can be turned on by setting PerlSetVar investorsDBI_UserActiveField "<field name>". 4. I fixed the group checking code, it now works even if the user has no group defined in MySQL. 5. Put the user's group in the ENV var AuthCookieDBI_Group (prob should be some another name? Something more generic like Auth_Group?). To do: 1. The DBI handler is still active error (original error I reported) 2. Add logouts to logging 3. Logout does not always work New problem: It is not really new to me, but I have not reported it to you yet. Logout does not always work. I have tried to mess with the cookie and some other stuff, but I wonder if there is a way to create a "logout" via the module that will GUARANTEE that the user is logged out. Some way to delete the session. Any ideas?
Subject: AuthCookieDBI.pm

Message body is not shown because it is too large.

  Sun Aug 01 17:48:49 2010 The RT System itself - Status changed from 'stalled' to 'open'
  Mon Aug 02 12:22:23 2010 matisse [...] matisse.net - Correspondence added
Subject: Re: [rt.cpan.org #57906] statement handle still Active
Date: Mon, 2 Aug 2010 09:22:03 -0700
To: "bug-Apache2-AuthCookieDBI [...] rt.cpan.org" <bug-Apache2-AuthCookieDBI [...] rt.cpan.org>
From: Matisse Enzer <matisse [...] matisse.net>
Got it thanks. Need to get the unit tests passing. Sent from my iPad On Aug 1, 2010, at 2:48 PM, "Chad via RT" <bug-Apache2-AuthCookieDBI@rt.cpan.org> wrote: Show quoted text
> Queue: Apache2-AuthCookieDBI > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57906 > > > On Sun Aug 01 16:09:43 2010, MATISSE wrote:
>> Chad - I don't see your proposed patch attached here. I know we went >> back and forth in email a few times in late May and early June - I was >> hoping you would attach the latest version of you proposed changes here.
> > > Attached are all my changes to support: > 1. The password check is now 100%. (it used to just let you in if the > password field was blank, no matter what you typed in as a password) > 2. Add optional logging to MySQL instead of just to http log. > It logs all successful logins, failed logins (and why it failed) > 3. Added a "user is active" flag which can be turned on by setting > PerlSetVar investorsDBI_UserActiveField "<field name>". > 4. I fixed the group checking code, it now works even if the user has no > group defined in MySQL. > 5. Put the user's group in the ENV var AuthCookieDBI_Group (prob should > be some another name? Something more generic like Auth_Group?). > > To do: > 1. The DBI handler is still active error (original error I reported) > 2. Add logouts to logging > 3. Logout does not always work > > New problem: > It is not really new to me, but I have not reported it to you yet. > Logout does not always work. I have tried to mess with the cookie and > some other stuff, but I wonder if there is a way to create a "logout" > via the module that will GUARANTEE that the user is logged out. Some way > to delete the session. > Any ideas? > <AuthCookieDBI.pm>
  Tue Aug 03 10:51:57 2010 matisse [...] spamcop.net - Correspondence added
I have started integrating the changes you sent - however I feel some cleanup is needed. For example, there is a lot of duplication of the messages sent to log_to_sql() and $r->log_error() so I'll probably combine those into a single logging function, or at least use a common message string when both are called.
  Tue Aug 03 12:12:42 2010 ccolumbu [...] gmail.com - Correspondence added
From: ccolumbu [...] gmail.com
On Tue Aug 03 10:51:57 2010, MATISSE wrote: Show quoted text
> I have started integrating the changes you sent - however I feel some > cleanup is needed. > > For example, there is a lot of duplication of the messages sent to > log_to_sql() and $r->log_error() so I'll probably combine those into a > single logging function, or at least use a common message string when > both are called.
I agree, but I needed something that worked now,and I did not want to change your code as much as possible. I did what I had to to get it working for my production env, I did not really look at generalizing it to much or efficiency of code.
  Sat Dec 18 20:58:10 2010 matisse [...] spamcop.net - TimeWorked changed from (no value) to '180'
  Sat Dec 18 20:58:10 2010 matisse [...] spamcop.net - Status changed from 'open' to 'resolved'
  Sat Dec 18 20:58:11 2010 matisse [...] spamcop.net - Fixed in 2.13 added