[Catalyst] Session problems with IE and cookies - workaround

Valentin Tumarkin valentin-lists at fuzzycow.org
Thu Mar 29 14:31:03 GMT 2007


This is my first email to this mailing list, so please excuse me if I
break any protocol. I would also like to thank all the developers of
the Catalyst::* modules for providing a great and developer-friendly
framework.

I'm nearing completion of a Catalyst+mod_perl -based project, and I
believe I have encountered an issue similar to the one that was
discussed in this thread.

* Summary:
Bad handling of client requests with expired cookies by the
Catalyst::Plugin::Session::* modules. A possible workaround is
provided.

 * Description:
If the client sends a request with an expired cookie, the framework
will complain about the expired cookie each time session object is
accessed. The Catalyst::Plugin::Session::* modules provide some API
calls for extending/updating existing sessions, however they do not
seem to work for cookies.

My workaround will:
1) Delete the old session
2) Create a new session
3) Return a dummy page, along with a new cookie and a redirect to
site's main page


* Log sample, showing the abnormal behavior:
[debug] "GET" request for "/something/something" from "192.168.1.1"
[debug] Found sessionid "426b08095b8b88dbe74661b6d3c60f291c584619" in cookie
[debug] Deleting session(session expired)
[debug] Found sessionid "426b08095b8b88dbe74661b6d3c60f291c584619" in cookie
[debug] Deleting session(session expired)
[debug] Found sessionid "426b08095b8b88dbe74661b6d3c60f291c584619" in cookie

* Tested with:
Linux/Apache 2.2/mod_perl 2
Catalyst Runtime 5.7005, 5.7007
Catalyst::Plugin::Session::Store::FastMmap
Catalyst::Plugin::Session::State::Cookie
Internet Explorer 6 as a client

* Workaround code:

# In the controller:
sub begin : Private {
	my ($self,$c) = @_;
	if ( $c->session_delete_reason ) {
		$c->detach('restart_session');
  		return 1;
	}
}

sub restart_session : Private {
  my ($self,$c) = @_;
  $c->delete_session('Session has expired');
  $c->create_session_id;
  $c->stash->{'reload_to_url'} = $c->uri_for(''main_page");
  $c->stash->{'template'} = 'reload_window.tt2';
  # Need to use detach here, to jump around the named/"default" action which
  # would otherwise try to handle the request
  $c->detach();
}

# In reload_window.tt2
<html>
<head>
<script type="text/javascript">
function reload_top_location() {
        top.location="[% reload_to_url %]";
}
</script>
</head>
<body onload="reload_top_location()">
You session has expired.

If your web browser does not redirect automatically -
click <a target="_top" href="[% reload_to_url
%]"><strong>here</strong></a> to continue.
</body>
</html>



More information about the Catalyst mailing list