[Catalyst] XML RPC : Authentication and Session

Nicolas Raspail nicolas.raspail at whisperingvault.net
Tue Aug 28 08:35:15 GMT 2007 

Quoting "J. Shirley" <jshirley at gmail.com>:

> On 8/27/07, Nicolas Raspail <nicolas.raspail at whisperingvault.net> wrote:
>>
>> Nicolas Raspail a écrit :
>>
>> Hi,
>>
>> I'm struggling with Session URI and XML RPC with no sucess. I can't
>> figure out how this works. I'm using Data::Dumper to dump the value of
>> some catalyst and it seems that the session is not valid anymore in the
>> second RPC call.
>>
>> Can anyone that is using XML RPC and session can explain me how to do
>> that please ?
>>
>> Thanks
>>
>> Nicolas
>>
>> PS: I have made a mistake and send this email only to J. Shirley two
>> time... Sorry
>
>
> Have you made sure to load a session store?  If you capture the session with
> the client and send it out, and then call again with the session ID still in
> the URL it should be working.
>
> Can you paste in your plugin loading and other session config?
>
> -J
>
> (PS., no prob on the private dupes :))
>

Hi,

yes I'm sure I'm loading some session store and state plugins :

use Catalyst qw/
	-Debug
	ConfigLoader
	Static::Simple
	Server
	Server::XMLRPC
	StackTrace
	Authentication
	Authentication::Credential::Password
	Session
	Session::State::URI
	Session::Store::FastMmap
	/;

As I'm using XML RPC, I don't know if the session ID is really present  
in the URL.

At firts, I send a XML RPC request with the username and the password,  
I use $c-authenticate to check the user, and I return the sessionid  
(just in case). I'm using the following code :

sub login : XMLRPCGlobal {
	my ($self, $c, @args) = @_;

	my $username = $args[0];
	my $password = $args[1];

	if ($c->authenticate({username => $username, password => $password})) {
		$c->stash->{xmlrpc} = $c->sessionid;
	} else {
		$c->stash->{xmlrpc} = 'KO';
	}
}

In the debug, I can see that the seesion is created and some info  
about the rewrite :

[info] *** Request 1 (0.250/s) [24319] [Tue Aug 28 09:06:11 2007] ***
[debug] "POST" request for "rpc" from "10.30.72.167"
[debug] XML-RPC: Method called: login
[debug] Path is "login"
[debug] Created session "af80056e4b9423589ed04e6229a774a4141fd488"
[debug] rewriting response elements to include session id
[debug] Rewriting plain body with URI::Find
[info] Request took 0.034779s (28.753/s)


Next, in the same script, I send a second RPC command, with the  
sessionid as first argument, and before allowing it to execute, I must  
verify that the sessionid is still valid. But I can't figure out how  
to compare my sessionid with the sessionid known by Catalyst.

And I don't know if the URI rewriting works with XML RPC :)

Regards

Nicolas

More information about the Catalyst mailing list