You are viewing a plain text version of this content. The canonical link for it is here.

Posted to embperl@perl.apache.org by David Lloyd <ll...@rebel.net.au> on 2001/10/29 08:35:47 UTC

Session Handling and Get Variables or Forms

Hmmm...

I have an authentication system that uses the Apache::Session::MySQL
backend with cookies to handle authentication.

Sequence I use is:

1) Get username and password
2) If ok, generate a sessionkey and set
$udat{'sessionkey'}=gen_sessionkey($username)

However, every now and then Embperl will suddenly turn up with an old
value for $udat{'sessionkey'}.

I've got gen_sessionkey to error log when it generates a new key.

Here's what happens:

1) I get myself a sessionkey
2) It gets put into the session cookie (I turn on warn on all cookies so
I can see it being set)
3) I go about my business

Now, every time that I verify a session key I log that and the value of
the session key to the error log.

Most of the time, the session key behaves itself.

However, sometimes - especially after forms and especially with forms
that use GET rather than POST - it turns up with an old session key. The
$udat{'sessionkey'} definitely USED TO belong to the user.

Most of the time, about 6 or 10 downloads will "magically" convince
Embperl/Apache (or whatever) to get the right value but sometimes I just
have to log in again.

At first I thought that my stupid Netscape 4.76 for Linux had a bug and
kept on sending the wrong cookie but but I've tried:

Netscape 4.76 for Linux
Netscape 4.77 for Linux
Netscape 4.76 running under Linux compatibility for FreeBSD 4.4
Mozilla 0.74 for Linux
Internet Explorer (v 5 or something like that)
Netscape 6.0 under Windows

And they ALL display the same behaviour.

Anyone seen anything similar or does it kinda remind you of an
experience that you had?

DSL


-- 
If we could extract all the evil from each of us,
 Think of the world that we could create!
 A world without anger, or violence or strife...
 (From the Musical, Jekyll and Hyde)

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Session Handling and Get Variables or Forms

Posted by David Lloyd <ll...@rebel.net.au>.

Gerald!

> Do you see a message like "Embperl session management enabled" at server
> startup ?

Yes.

> Do you see your sessions gets written into the database ?

Yesterday I created a Perl script that took an MD5 hash of the database
field. In Pseudo code I did:

Let get_hash equal:
* $id=session ID is
* $tohash="SELECT a_session FROM EmbperlSessions.session WHERE id=$id"
* $hash=Digest::MD5::hexhash($tohash)
* print "$hash\n"

get_hash()

Do something that should change $udat and the underlying session.

get_hash()

Now, the printed output of get_hash changed at the appropriate time.

I then discovered an error in my own code that buggered up the values
that I store in $udat so I don't think that it's Embperl's fault.

DSL
-- 
If we could extract all the evil from each of us,
 Think of the world that we could create!
 A world without anger, or violence or strife...
 (From the Musical, Jekyll and Hyde)

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Session Handling and Get Variables or Forms

Posted by Gerald Richter <ri...@ecos.de>.

>
> My cookie path is set to:
>
> /ispeed
>
> And all my pages reside under /ispeed.
>

Do you see a message like "Embperl session management enabled" at server
startup ?

Do you see your sessions gets written into the database ?

If both are true, you may try to use File as datastore, so we can see if
it's a database issue or a Embperl session setup issue.

Gerald

-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------



---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Session Handling and Get Variables or Forms

Posted by David Lloyd <ll...@rebel.net.au>.

Hmmmm...

> There are two things that I could image. Either for whatever reason your
> sessions never goes into the database, in this case %udat will behave like a
> normal hash and it works as long as you hit the same child. (You will hit
> the same child as long as your KeepAliveTimeout isn't over, default 15sec).
> The other possibility is you don't have set the cookiepath, but your page
> resides in other directory, which is not under the directory which the
> cookie send.

My cookie path is set to:

/ispeed

And all my pages reside under /ispeed.

DSL
-- 
If we could extract all the evil from each of us,
 Think of the world that we could create!
 A world without anger, or violence or strife...
 (From the Musical, Jekyll and Hyde)

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Session Handling and Get Variables or Forms

Posted by David Lloyd <ll...@rebel.net.au>.

Elvis!

[root@localhost /root]# rpm -qa | grep mysql
mysql-3.23.36-1
php-mysql-4.0.4pl1-9
mysqlclient9-3.23.22-4
mysql-server-3.23.36-1
mysql-devel-3.23.36-1

DSL
-- 
If we could extract all the evil from each of us,
 Think of the world that we could create!
 A world without anger, or violence or strife...
 (From the Musical, Jekyll and Hyde)

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Session Handling and Get Variables or Forms

Posted by Elvis <el...@goebusiness.com>.

What version of MySQL is being used?  I had a case of using 3.23.34 and there apparently is a threading bug that was fixed in .35.  I'd see the UPDATE command go into the DB for the session, but it was actually never taken effect.

Bill "Elvis" Gibbs
goEbusiness.com - putting e-motion in your business
email - elvis@goebusiness.com work - 301-668-5090 cell - 301-748-6938

On Mon, 29 Oct 2001, Gerald Richter wrote:

> >
> > I have an authentication system that uses the Apache::Session::MySQL
> > backend with cookies to handle authentication.
> >
> > Sequence I use is:
> >
> > 1) Get username and password
> > 2) If ok, generate a sessionkey and set
> > $udat{'sessionkey'}=gen_sessionkey($username)
> >
> > However, every now and then Embperl will suddenly turn up with an old
> > value for $udat{'sessionkey'}.
> >
> 
> There are two things that I could image. Either for whatever reason your
> sessions never goes into the database, in this case %udat will behave like a
> normal hash and it works as long as you hit the same child. (You will hit
> the same child as long as your KeepAliveTimeout isn't over, default 15sec).
> The other possibility is you don't have set the cookiepath, but your page
> resides in other directory, which is not under the directory which the
> cookie send.
> 
> Gerald
> 
> -------------------------------------------------------------
> Gerald Richter    ecos electronic communication services gmbh
> Internetconnect * Webserver/-design/-datenbanken * Consulting
> 
> Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
> E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
> WWW:        http://www.ecos.de      Fax:      +49 6133 925152
> -------------------------------------------------------------
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Session Handling and Get Variables or Forms

Posted by Gerald Richter <ri...@ecos.de>.

>
> I have an authentication system that uses the Apache::Session::MySQL
> backend with cookies to handle authentication.
>
> Sequence I use is:
>
> 1) Get username and password
> 2) If ok, generate a sessionkey and set
> $udat{'sessionkey'}=gen_sessionkey($username)
>
> However, every now and then Embperl will suddenly turn up with an old
> value for $udat{'sessionkey'}.
>

There are two things that I could image. Either for whatever reason your
sessions never goes into the database, in this case %udat will behave like a
normal hash and it works as long as you hit the same child. (You will hit
the same child as long as your KeepAliveTimeout isn't over, default 15sec).
The other possibility is you don't have set the cookiepath, but your page
resides in other directory, which is not under the directory which the
cookie send.

Gerald

-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------



---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org