Re: [Maypole-dev] M::A::UserSessionCookie - Problems logging out

From: Marcus Ramberg (marcus at thefeed.no)
Date: Thu Dec 16 2004 - 00:06:56 GMT


Yeah, we can. libapreq is pain. SVN version now reads cookies from
headers_in and writes them to headers_out.

Marcus

On 15. des. 2004, at 19.16, Simon Flack wrote:

> I wonder if we can increase portability by using CGI::Cookie instead
> of Apache::Cookie, and setting the cookies via $r->headers_out?
>
> --simonflk
>
> Marcus Ramberg wrote:
>> Hi, these errors (and others) are fixed in
>> Maypole::Plugin::Authentication::UserSessionCookie .. I'm waiting for
>> a new maypole release to push this, as it depends on features only
>> in existence in the SVN repo, but for interested people it's
>> available at
>> http://dev.thefeed.no/repos/Maypole-Authentication-UserSessionCookie/
>> trunk
>> Marcus
>> On 15. des. 2004, at 17.13, Marcello wrote:
>>> Hallo everybody,
>>> I found two minor bugs in
>>> Maypole/Authentication/UserSessionCookie.pm:
>>>
>>> 1)
>>> method login_user:
>>> -----------------
>>> if ($@ =~ /does not exist in the data store/) {
>>> ^^^ this is missing in the original file
>>> the absence of "the " prevents the hardcoded string from matching
>>> with the returned string, which contains "the ".
>>>
>>> 2)
>>> I was unable to logout because the cookie which was supposed to
>>> "invalidate" the existing one with the session id... did not
>>> invalidate it.
>>> Well, after some time I found a typo that seemed to solve the issue:
>>> method _logout_cookie:
>>> my $cookie_name = $r->config->{auth}{cookie_name} || "session_id";
>>>
>>> method login_user:
>>> my $cookie_name = $r->config->{auth}{cookie_name} || "sessionid";
>>>
>>> Notice the proposed cookie name: it is 'session_id' (with
>>> underscore) in one case, and 'sessionid' (without the underscore)
>>> in the other.
>>> I didn't specify a cookie name for the session id cookie, so the
>>> provided default was used. Since one is supposed to invaidate the
>>> other, when I logged in after a logout the old session cookie was
>>> never invalidated, and the 'check_credential' path was never taken
>>> again.
>>>
>>> Hope this helped someone.
>>>
>>> Marcello
>>>
>>> _______________________________________________
>>> maypole-dev mailing list
>>> maypole-dev at lists.netthink.co.uk
>>> http://lists.netthink.co.uk/listinfo/maypole-dev
>> _______________________________________________
>> maypole-dev mailing list
>> maypole-dev at lists.netthink.co.uk
>> http://lists.netthink.co.uk/listinfo/maypole-dev
>
>
> _______________________________________________
> maypole-dev mailing list
> maypole-dev at lists.netthink.co.uk
> http://lists.netthink.co.uk/listinfo/maypole-dev

_______________________________________________
maypole-dev mailing list
maypole-dev at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole-dev



This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:57 GMT