[Catalyst] Catalyst::Plugin::Session, Facebook, and Custom Session
ids
Jim Spath
jspath at pangeamedia.com
Mon Jun 4 16:44:50 GMT 2007
So I've started using the Session::State::URI plugin (with rewrite
turned off... I don't need that aspect of it), but have quickly
encountered a problem with using an externally created session key with
Catalyst::Plugin::Session... it doesn't pass validate_session_id().
The session key I receive from Facebook and attempt to use the the
session id is not alphanumeric... e.g. 1254342bc1f2af7558f5979d-728080233
I end up getting the following error:
Tried to set invalid session ID '1254342bc1f2af7558f5979d-728080233' at
/usr/share/perl5/Catalyst/Plugin/Authentication.pm line 103
Is there any way to disable the validation of session ids? Seems like
it would be a somewhat useful option for those cases (like interfacing
with Facebook), where the session ids are pre-created.
- Jim
Yuval Kogman wrote:
> The code below is essentially Catalyst::Plugin::Session::State::URI
> with param set to 'token'.
>
>
> On Wed, May 30, 2007 at 23:00:06 -0700, Jay Buffington wrote:
>> I did something like this. With Session::State::Cookie the session id
>> comes out of the cookie. I wanted web service calls using REST to be
>> able to use that same session id, but pass it as a http parameter
>> (called token) rather than in the cookie.
>>
>> With the below code catalyst will first look for the session in in a
>> url param like this:
>> http://myapp.com/foo?token=af3423e342dac987d8e0a0e
>>
>> If there is no token param the NEXT will cause it to fall back to
>> Session::State::Cookie and look for the session id in the cookie.
>>
>> *** in MyApp.pm ***
>> use Catalyst qw/
>> Session::State::Token
>> Session::State::Cookie
>> /;
>>
>>
>> *** in Catalyst/Plugin/Session/State/Token.pm ***
>> package Catalyst::Plugin::Session::State::Token;
>> use base qw/Catalyst::Plugin::Session::State/;
>>
>> use strict;
>> use warnings;
>>
>> use NEXT;
>>
>> our $VERSION = "0.01";
>>
>> sub get_session_id {
>> my $c = shift;
>>
>> my $session_id = $c->request->params->{token};
>> if ( $session_id ) {
>> $c->log->debug(qq/Found sessionid "$session_id" in request
>> parameter/) if $c->debug;
>> return $session_id;
>> }
>>
>> $c->NEXT::get_session_id(@_);
>> }
>>
>> 1;
>>
>>
>>
>> On 5/30/07, Jim Spath <jspath at pangeamedia.com> wrote:
>>> I'm currently using the following plugins for session management in my
>>> Catalyst app:
>>>
>>> Session
>>> Session::Store::Memcached
>>> Session::State::Cookie
>>> Session::DynamicExpiry
>>>
>>> Along with the following authentication plugins:
>>>
>>> Authentication
>>> Authentication::Store::DBIC
>>> Authentication::Credential::Password
>>>
>>> It all works great on my site... however, I was looking to integrate our
>>> app into Facebook, and to have users login to our service through Facebook.
>>>
>>> For every request, they will be passing an parameter called fb_sig_user,
>>> which I should be using as a session id on our side.
>>>
>>> I was wondering if there was a way that I could override the automatic
>>> creation of session ids with the Facebook id, while also continuing to
>>> use my current setup for onsite users? I've looked through the docs and
>>> searched a bit and am unclear on this.
>>>
>>> Thanks!
>>> Jim
More information about the Catalyst
mailing list