[Maypole-dev] [corion at corion.net: Buglet in Maypole::Authentication::UserSessionCookie - Logout cookie parameter isn't set properly]

From: Simon Cozens (simon at simon-cozens.org)
Date: Mon Aug 30 2004 - 21:54:13 BST


I've applied the referenced fixes, and released 1.4.

----- Forwarded message from Max Maischein <corion at corion.net> -----

From: Max Maischein <corion at corion.net>
Subject: Buglet in Maypole::Authentication::UserSessionCookie - Logout cookie
 parameter isn't set properly
To: simon at cpan.org

Hi Simon,

thanks for creating Maypole and the related modules!

I've just tracked down a buglet in M::A::USC. I'm not sure if you
subscribe to test-driven development, so I didn't sit down and write
regression tests to check the behaviour. If you prefer tests to verify
the behavioural change, tell me and I'll try to create the tests.

_log_out_cookie blindly uses
        -name => $r->config->{auth}{cookie_name}
which only works if you don't use the default. The fix is to use
        -name => $r->config->{auth}{cookie_name} || "sessionid",
instead.

Also I found that it is impossible to set any cookie path other than
"/", which means that if you have two Maypole instances on the same
Apache server, they will conflict in ugly ways. I would prefer to have a
default of
  $r->config->{base_uri}
instead, so the cookie is confined to that part of the website. But
then, I don't know much about cookies and there might be a reason why
you force the cookie to "/".

On the upside, I added the capability to Maypole to do HTTP redirects, a
very important feature if you want to log out users, as the URL stays on
the log-out page. I also set up a very detailed yet maintainable
permission system that has a permission for every exported action of
Maypole. I haven't uploaded these modifications to CPAN yet though - if
you want to preview the HTTP redirect stuff and incorporate it into the
main Maypole tree, I would actually prefer that.

-max (Corion on CPAN)

----- End forwarded message -----

-- 
IBM Pollyanna Principle:
	Machines should work.  People should think.
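
The two cookie issues reported in the forwarded message, as an added example that is not part of the original mail and is not Maypole code. It models a browser cookie jar keyed by name and path (RFC 6265 path matching, domain omitted); the /shop and /wiki base URIs, the session values, and the assumption that login already falls back to "sessionid" are constructed for illustration.

```perl
use strict;
use warnings;

# Toy browser cookie jar: one entry per (name, path) pair.
my %jar;

sub set_cookie {
    my (%c) = @_;
    my $key = join ';', $c{name} // '', $c{path};
    # An already-expired cookie deletes only the entry with the same key.
    if ($c{expired}) { delete $jar{$key} } else { $jar{$key} = $c{value} }
}

# Cookies the browser would send for a request path (RFC 6265 path-match).
sub cookies_for {
    my ($req) = @_;
    my %sent;
    for my $key (sort keys %jar) {
        my ($name, $path) = split /;/, $key, 2;
        my $hit = $req eq $path
            || (index($req, $path) == 0
                && ($path =~ m{/\z} || substr($req, length($path), 1) eq '/'));
        $sent{$name} = $jar{$key} if $hit;
    }
    return join ', ', map { "$_=$sent{$_}" } sort keys %sent;
}

# Constructed config: cookie_name is unset, so login uses "sessionid" (assumed).
my $cfg  = { auth => {} };
my $name = $cfg->{auth}{cookie_name} || 'sessionid';

# 1. Logout cookie named from the raw config value (undef) does not match
#    the session cookie, so the session survives the "logout".
set_cookie(name => $name, path => '/', value => 'abc123');
set_cookie(name => $cfg->{auth}{cookie_name}, path => '/', expired => 1);
print "after buggy logout: [", cookies_for('/'), "]\n";

# With the same fallback as login, the expiry hits the right entry.
set_cookie(name => $name, path => '/', expired => 1);
print "after fixed logout: [", cookies_for('/'), "]\n";

# 2. Two instances on one host: with path "/" the second login overwrites
#    the first; with the base URI as path each instance keeps its own cookie.
for my $path_of (sub { '/' }, sub { $_[0] }) {
    %jar = ();
    set_cookie(name => $name, path => $path_of->($_), value => "sid-of-$_")
        for '/shop', '/wiki';
    print "$_/list receives [", cookies_for("$_/list"), "]\n" for '/shop', '/wiki';
}
```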
