I've applied the referenced fixes, and released 1.4.
----- Forwarded message from Max Maischein <corion at corion.net> -----
From: Max Maischein <corion at corion.net>
Subject: Buglet in Maypole::Authentication::UserSessionCookie - Logout cookie
parameter isn't set properly
To: simon at cpan.org
X-Spam-Check-By: la.mx.develooper.com
X-Spam-Checker-Version: SpamAssassin 2.70-r6188 (2004-01-17) on
alibi.simon-cozens.org
X-Spam-Status: No, hits=-1.5 required=5.0 tests=BAYES_00,CPAN_ORG,
RATWR10_MESSID,RCVD_IN_NJABL,RCVD_IN_SORBS autolearn=no
version=2.70-r6188
X-Spam-Level:
Hi Simon,
thanks for creating Maypole and the related modules!
I've just tracked down a buglet in M::A::USC. I'm not sure if you
subscribe to test-driven development, so I didn't sit down and write
regression tests to check the behaviour. If you prefer tests to verify
the behavioural change, tell me and I'll try to create the tests.
_log_out_cookie blindly uses
-name => $r->config->{auth}{cookie_name}
which does only work if you don't use the default. The fix is to use
-name => $r->config->{auth}{cookie_name} || "sessionid",
instead.
Also I found that it is impossible to set any cookie path other than
"/", which means that if you have two Maypole instances on the same
Apache server, they will conflict in ugly ways. I would prefer to have a
default of
$r->config->{base_uri}
instead, so the cookie is confined to that part of the website. But
then, I don't know much about cookies and there might be a reason why
you force the cookie to "/".
On the upside, I added the capability to Maypole to do HTTP redirects, a
very important feature if you want to log out users, as the URL stays on
the log-out page. I also set up a very detailed yet maintainable
permission system that has a permission for every exported action of
Maypole. I haven't uploaded these modifications to CPAN yet though - if
you want to preview the HTTP redirect stuff and incorporate into the
main Maypole tree, I would actually prefer that.
-max (Corion on CPAN)
----- End forwarded message -----
-- IBM Pollyanna Principle: Machines should work. People should think._______________________________________________ maypole-dev mailing list maypole-dev at lists.netthink.co.uk http://lists.netthink.co.uk/listinfo/maypole-dev
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:56 GMT