[Maypole-dev] Bugs in Maypole-Authentication-UserSessionCookie w/ patch

From: Kester Habermann (kester.habermann at gmail.com)
Date: Sat Nov 13 2004 - 19:02:31 GMT


Hi,

I found some small bugs in Maypole-Authentication-UserSessionCookie.
All patches against version 1.4 from CPAN.

Bug 1)
   In UserSessionCookie.pm $r->config->{base_uri} (which doesn't
   exist) is used instead of $r->config->{uri_base} when setting the
   path for the cookie. This creates a cookie that is only valid for
   the current path and not everything unter the uri_base. Patch
   attached.

Bug 2)
   When using "Apache::Session::Postgres" and a user presents a cookie
   that's not in the database the instance dies. login_user() checks for
   exception "does not exist in data store", but I get
   "Object does not exist in the data store at
   /usr/share/perl5/Apache/Session/Store/Postgres.pm line 83." (extra
   word "the"). Maybe it works with Apache::Session::File but I thinks its
   dangerous. Why not just remove the users cookie and send a new one?
   My quick solution is to delete the cookie and return (this will make the user
   login again). Patch attached.

Regards,

Kester.





_______________________________________________
maypole-dev mailing list
maypole-dev at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole-dev



This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:56 GMT