Hi,
I found some small bugs in Maypole-Authentication-UserSessionCookie.
All patches against version 1.4 from CPAN.
Bug 1)
In UserSessionCookie.pm $r->config->{base_uri} (which doesn't
exist) is used instead of $r->config->{uri_base} when setting the
path for the cookie. This creates a cookie that is only valid for
the current path and not everything unter the uri_base. Patch
attached.
Bug 2)
When using "Apache::Session::Postgres" and a user presents a cookie
that's not in the database the instance dies. login_user() checks for
exception "does not exist in data store", but I get
"Object does not exist in the data store at
/usr/share/perl5/Apache/Session/Store/Postgres.pm line 83." (extra
word "the"). Maybe it works with Apache::Session::File but I thinks its
dangerous. Why not just remove the users cookie and send a new one?
My quick solution is to delete the cookie and return (this will make the user
login again). Patch attached.
Regards,
Kester.
_______________________________________________
maypole-dev mailing list
maypole-dev at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole-dev
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:56 GMT