You are viewing a plain text version of this content. The canonical link for it is here.

Posted to embperl@perl.apache.org by Jim Tappe <jt...@gmail.com> on 2018/04/02 18:09:04 UTC

DeleteSession does not always delete session

Hello,

On my high traffic site, I am finding DeleteSession does not always remove
the session cookie or delete session in MySQL.

In my signout, function I call DeleteSession but the sometimes the session
remains.

From init.epl which is called by base.epl.

# function to signout from the session
sub signout {
        my ($self, $req) = @_;
        my $log = Log::Log4perl->get_logger(__PACKAGE__);

        $log->info("***** Delete Session *****");
        # Delete session on signout request
        $req->DeleteSession;

        my %cookies = $self->get_cookies();
        if (defined ($cookies{_session_id})){
                $log->info("session_id cookie exists:
$cookies{_session_id}");
        }

}

BTW, I have also found that assigning to udat does not always create the
session.

Here is my session config.













*PerlModule EmbperlPerlSetEnv EMBPERL_MAILDEBUG 0PerlSetEnv EMBPERL_OPTIONS
262144PerlSetEnv EMBPERL_MAIL_ERRORS_TO "jtappe@gmail.com
<jt...@gmail.com>"PerlSetEnv EMBPERL_ESCMODE 0PerlSetEnv
EMBPERL_SESSION_CLASSES "MySQL MySQL"PerlSetEnv EMBPERL_SESSION_ARGS
"DataSource=dbi:mysql:expat:localhost UserName=user Password=pass
LockDataSource=dbi:mysql:expat:localhost LockUserName=user
LockPassword=pass recreate_id=1 lazy=1"PerlSetEnv EMBPERL_SESSION_MODE
1PerlSetEnv Embperl_Cookie_Domain expatriates.com
<http://expatriates.com>PerlSetEnv EMBPERL_COOKIE_NAME
_session_idPerlSetEnv EMBPERL_COOKIE_PATH /PerlSetEnv
EMBPERL_COOKIE_EXPIRES +3M*

What am I doing wrong?

Thanks,
Jim

Re: DeleteSession does not always delete session

Posted by Jim Tappe <jt...@gmail.com>.

I think (and hope) I found a solution.

In my apache configuration, I removed PerlSetEnv  for the cookie settings
and now embperl consistently configures the cookie as configured.

I changed

*PerlSetEnv EMBPERL_COOKIE_PATH /*

to

*EMBPERL_COOKIE_PATH /*

Although, the embperl log still shows requests being made without the
embperl environment variables.

For example,

[6410]REQ: ***** Start Request at Thu Apr  5 12:23:57 2018
[6410]Use App: Expatriates
[6410]ENV:  MOD_PERL_API_VERSION=2
[6410]ENV:  MOD_PERL=mod_perl/2.0.4
[6410]Using APACHE for output...

Other requests show the environment variables.

[6410]REQ: ***** Start Request at Thu Apr  5 12:23:36 2018
[6410]Use App: Expatriates
[6410]ENV:  EMBPERL_MAIL_ERRORS_TO=jtappe@gmail.com
[6410]ENV:  EMBPERL_MAILDEBUG=0
[6410]ENV:  EXPATLIB=/opt/expatriates.com/lib
[6410]ENV:  EMBPERL_COOKIE_PATH=/
[6410]ENV:  PATH=/sbin:/usr/sbin:/bin:/usr/bin
[6410]ENV:  MOD_PERL_API_VERSION=2
[6410]ENV:  EMBPERL_SESSION_MODE=1

Re: DeleteSession does not always delete session

Posted by Jim Tappe <jt...@gmail.com>.

A few more notes ...

Sometimes I see both EMBPERL_UID and the cookie specified in
*EMBPERL_COOKIE_NAME
"_session_id" present in Chrome Dev tools.*

I can find session information for both session_id and  EMBPERL_UID in the
MySQL sessions table.

The  EMBPERL_UID  has an expiration date of 1969-12-31T23:59:59.000Z

I enabled EMBPERL_DEBUG  to track sessions handling as follows.

PerlSetEnv EMBPERL_DEBUG 2097152
PerlSetEnv EMBPERL_LOG /var/log/embperl_log

In the log, I can find the cookie id  for session_id but not the cookie id
EMBPERL_UID ?

[26247]PERF: DOMSTAT: MemUsage = 523184 Bytes  numNodes = 2308
numLevelLookup = 26  numLevelLookupItem = 526  numStr = 1025  numReplace =
963
[26247]SES:  Received Cookie ID: e78594975f537dc7a42715bdc4d3df5e  New
Cookie ID: e78594975f537dc7a42715bdc4d3df5e  User data is NOT modified
[26247]PERF: input = ???
[26247]PERF: Time: 150 ms



On Mon, Apr 2, 2018 at 8:09 PM, Jim Tappe <jt...@gmail.com> wrote:

> Hello,
>
> On my high traffic site, I am finding DeleteSession does not always remove
> the session cookie or delete session in MySQL.
>
> In my signout, function I call DeleteSession but the sometimes the session
> remains.
>
> From init.epl which is called by base.epl.
>
> # function to signout from the session
> sub signout {
>         my ($self, $req) = @_;
>         my $log = Log::Log4perl->get_logger(__PACKAGE__);
>
>         $log->info("***** Delete Session *****");
>         # Delete session on signout request
>         $req->DeleteSession;
>
>         my %cookies = $self->get_cookies();
>         if (defined ($cookies{_session_id})){
>                 $log->info("session_id cookie exists:
> $cookies{_session_id}");
>         }
>
> }
>
> BTW, I have also found that assigning to udat does not always create the
> session.
>
> Here is my session config.
>
>
>
>
>
>
>
>
>
>
>
>
>
> *PerlModule EmbperlPerlSetEnv EMBPERL_MAILDEBUG 0PerlSetEnv
> EMBPERL_OPTIONS 262144PerlSetEnv EMBPERL_MAIL_ERRORS_TO "jtappe@gmail.com
> <jt...@gmail.com>"PerlSetEnv EMBPERL_ESCMODE 0PerlSetEnv
> EMBPERL_SESSION_CLASSES "MySQL MySQL"PerlSetEnv EMBPERL_SESSION_ARGS
> "DataSource=dbi:mysql:expat:localhost UserName=user Password=pass
> LockDataSource=dbi:mysql:expat:localhost LockUserName=user
> LockPassword=pass recreate_id=1 lazy=1"PerlSetEnv EMBPERL_SESSION_MODE
> 1PerlSetEnv Embperl_Cookie_Domain expatriates.com
> <http://expatriates.com>PerlSetEnv EMBPERL_COOKIE_NAME
> _session_idPerlSetEnv EMBPERL_COOKIE_PATH /PerlSetEnv
> EMBPERL_COOKIE_EXPIRES +3M*
>
> What am I doing wrong?
>
> Thanks,
> Jim
>