Skip Menu |

This queue is for tickets about the Apache2-AuthCookieDBI CPAN distribution.

Report information
The Basics
Id: 75741
Status: rejected
Priority: 0/
Queue: Apache2-AuthCookieDBI
People
Owner: Nobody in particular
Requestors: ccolumbu [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 2.14
Fixed in: (no value)

History Show all quoted text
  Tue Mar 13 12:52:04 2012 ccolumbu [...] gmail.com - Ticket created
Subject: DBI_sessionmodule tie prevents non-mod_perl scripts access
The module ties %session to the Apache2::Session to verify that it exists, and if not sends you to the login page. Then stores the %session in $r->pnotes( WhatEver ). However pnotes is not accessible from standard CGI programs. I suggest simply untieing the session after verification and leaving connectivity to the session as an exercise for the application author and not as part of the module. The only other way I can think of to do this would be with another config var that specifies mod_perl/non-mod_perl and that changes the way the module ties to and stores the %session. I think it is just easier for the maintainer to simply untie. In my version of the module I simply did this (commented out the pnotes line and added removed the tie): #$r->pnotes( $auth_name, \%session ); undef $tie_result; untie(%session);
  Sun Apr 01 16:29:45 2012 matisse [...] spamcop.net - Correspondence added
This module is an Apache module - it is not intended for use in CGI scripts.
  Sun Apr 01 16:29:45 2012 The RT System itself - Status changed from 'new' to 'open'
  Sun Apr 01 16:29:45 2012 matisse [...] spamcop.net - Status changed from 'open' to 'rejected'
  Sun Apr 01 16:44:25 2012 ccolumbu [...] gmail.com - Correspondence added
From: ccolumbu [...] gmail.com
On Sun Apr 01 16:29:45 2012, MATISSE wrote: Show quoted text
> This module is an Apache module - it is not intended for use in CGI
scripts. From the CPAN page: Apache::Session is a persistence framework which is particularly useful for tracking session data between httpd requests. Apache::Session is designed to work with Apache and mod_perl, but it should work under CGI and other web servers, and it also works outside of a web server altogether. ############# I quote "but it should work under CGI and other web servers", plus I have already used it under CGI multiple times before. Your module now prevents its use by CGI by tying to it and blocking the CGI script from tying to it.
  Sun Apr 01 16:44:26 2012 The RT System itself - Status changed from 'rejected' to 'open'
  Mon Apr 02 15:18:26 2012 matisse [...] spamcop.net - Correspondence added
Apache::Session can be used with CGI scripts, but Apache2::AuthCookieDBI can not. On Sun Apr 01 16:44:25 2012, ccolumbu wrote: Show quoted text
> On Sun Apr 01 16:29:45 2012, MATISSE wrote:
> > This module is an Apache module - it is not intended for use in CGI
> scripts. > > From the CPAN page: > Apache::Session is a persistence framework which is particularly useful > for tracking session data between httpd requests. Apache::Session is > designed to work with Apache and mod_perl, but it should work under CGI > and other web servers, and it also works outside of a web server altogether. > > ############# > I quote "but it should work under CGI and other web servers", plus I > have already used it under CGI multiple times before. Your module now > prevents its use by CGI by tying to it and blocking the CGI script from > tying to it.
  Mon Apr 02 15:18:27 2012 matisse [...] spamcop.net - Status changed from 'open' to 'rejected'
  Mon Apr 02 15:21:33 2012 ccolumbu [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #75741] DBI_sessionmodule tie prevents non-mod_perl scripts access
Date: Mon, 02 Apr 2012 12:21:20 -0700
To: bug-Apache2-AuthCookieDBI [...] rt.cpan.org
From: Chad <ccolumbu [...] gmail.com>
What? I am using it with CGI scripts in about 100 applications. ^C On 4/2/2012 12:18 PM, Matisse Enzer via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=75741> > > Apache::Session can be used with CGI scripts, but Apache2::AuthCookieDBI can not. > > On Sun Apr 01 16:44:25 2012, ccolumbu wrote:
>> On Sun Apr 01 16:29:45 2012, MATISSE wrote:
>>> This module is an Apache module - it is not intended for use in CGI
>> scripts. >> >> From the CPAN page: >> Apache::Session is a persistence framework which is particularly useful >> for tracking session data between httpd requests. Apache::Session is >> designed to work with Apache and mod_perl, but it should work under CGI >> and other web servers, and it also works outside of a web server altogether. >> >> ############# >> I quote "but it should work under CGI and other web servers", plus I >> have already used it under CGI multiple times before. Your module now >> prevents its use by CGI by tying to it and blocking the CGI script from >> tying to it.
> >
  Mon Apr 02 15:21:33 2012 The RT System itself - Status changed from 'rejected' to 'open'
  Mon Apr 02 15:22:50 2012 matisse [...] spamcop.net - Correspondence added
well that's an unsupported use, sorry. On Mon Apr 02 15:21:33 2012, ccolumbu wrote: Show quoted text
> What? I am using it with CGI scripts in about 100 applications. > > ^C > > > On 4/2/2012 12:18 PM, Matisse Enzer via RT wrote:
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=75741> > > > > Apache::Session can be used with CGI scripts, but
> Apache2::AuthCookieDBI can not.
> > > > On Sun Apr 01 16:44:25 2012, ccolumbu wrote:
> >> On Sun Apr 01 16:29:45 2012, MATISSE wrote:
> >>> This module is an Apache module - it is not intended for use in
> CGI
> >> scripts. > >> > >> From the CPAN page: > >> Apache::Session is a persistence framework which is particularly
> useful
> >> for tracking session data between httpd requests. Apache::Session
> is
> >> designed to work with Apache and mod_perl, but it should work under
> CGI
> >> and other web servers, and it also works outside of a web server
> altogether.
> >> > >> ############# > >> I quote "but it should work under CGI and other web servers", plus
> I
> >> have already used it under CGI multiple times before. Your module
> now
> >> prevents its use by CGI by tying to it and blocking the CGI script
> from
> >> tying to it.
> > > >
  Mon Apr 02 15:22:54 2012 matisse [...] spamcop.net - Status changed from 'open' to 'rejected'