[Catalyst] Duplicate session ids

Bill Moseley moseley at hank.org
Sat May 26 22:28:41 GMT 2007


On Sat, May 26, 2007 at 04:08:48PM -0400, Perrin Harkins wrote:
> On 5/26/07, Bill Moseley <moseley at hank.org> wrote:
> >Perhaps an easier way to show the problem with duplicate created
> >sessions would help.
> 
> Do you mean duplicate or multiple?  The session ID generation code in
> Catalyst::Plugin::Session does look like it could generate duplicates
> to me, but that would be rare and unpredictable.

Ya, sorry.  Multiple.  It's generating one session id, storing values
under that ID, then creating a new session id and then sending that as
the cookie.  So when the browser returns that cookie none of the
session data is there.

Let me add some data:

catalyst.pl Session >/dev/null

cat << 'EOF' > Session/lib/Session.pm
package Session;
use strict;
use warnings;
use Catalyst::Runtime '5.70';
use Catalyst qw/
    -Debug
    ConfigLoader
    Static::Simple
    Session
    Session::Store::FastMmap
    Session::State::Cookie
/;

__PACKAGE__->config( name => 'Session' );
__PACKAGE__->setup;

sub foo : Local {
    my ( $self, $c ) = @_;
    $c->session->{bar} = 'hello';

    warn "Session id = " . $c->sessionid .
        " and value of bar is [" . $c->session->{bar} ."]\n";

    $c->res->body( "in foo\n" );
}

sub finalize_cookies {
    my $c = shift;
    my $x = $c->session->{foo};
    return $c->NEXT::finalize_cookies( @_ );
}
1;
EOF

Session/script/session_server.pl

Then:

    $ GET -e http://localhost:3000/foo
    Connection: close
    Date: Sat, 26 May 2007 21:26:29 GMT
    Content-Length: 7
    Content-Type: text/html; charset=utf-8
    Client-Date: Sat, 26 May 2007 21:26:29 GMT
    Client-Peer: 127.0.0.1:3000
    Client-Response-Num: 1
    Set-Cookie: session_session=8090bbdfc17c61425fed48c447098f2fb8187577; path=/; expires=Sat, 26-May-2007 23:26:29 GMT
    Status: 200
    X-Catalyst: 5.7007

    in foo

Now notice the session id?  But the debug log showed this:

    You can connect to your server at http://bumby:3000

    Session id = d7a4953c14ef52183940b57a06cde96f72c7da96 and value of bar is [hello]
    [info] *** Request 1 (0.042/s) [18238] [Sat May 26 14:26:29 2007] ***
    [debug] "GET" request for "foo" from "127.0.0.1"
    [debug] Path is "foo"
    [debug] Created session "d7a4953c14ef52183940b57a06cde96f72c7da96"
    [debug] Created session "8090bbdfc17c61425fed48c447098f2fb8187577"





-- 
Bill Moseley
moseley at hank.org
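
The mismatch shown in the message above can be checked mechanically. This is an added example, not part of the original post or of Catalyst: a Perl script that groups the `Created session` debug lines by request and compares the first id created with the id in the `Set-Cookie` header. The sample input is copied from the log and headers quoted above with indentation removed; the function names are hypothetical, and treating the first-created id as the one the data was stored under is an assumption based on that log.

```perl
#!/usr/bin/env perl
# Added example: flag requests that create more than one session and send
# the client an id other than the one the data was stored under.
use strict;
use warnings;

# Sample input copied from the debug log and response headers in the post.
my @log = (
    '[info] *** Request 1 (0.042/s) [18238] [Sat May 26 14:26:29 2007] ***',
    '[debug] "GET" request for "foo" from "127.0.0.1"',
    '[debug] Path is "foo"',
    '[debug] Created session "d7a4953c14ef52183940b57a06cde96f72c7da96"',
    '[debug] Created session "8090bbdfc17c61425fed48c447098f2fb8187577"',
);
my $set_cookie = 'session_session=8090bbdfc17c61425fed48c447098f2fb8187577; '
               . 'path=/; expires=Sat, 26-May-2007 23:26:29 GMT';

# Group "Created session" lines under the request banner that precedes them.
sub sessions_per_request {
    my @lines = @_;
    my ( %created, $req );
    for my $line (@lines) {
        if ( $line =~ /^\s*\[info\] \*\*\* Request (\d+) / ) {
            $req = $1;
        }
        elsif ( defined $req
            && $line =~ /^\s*\[debug\] Created session "([0-9a-f]+)"/ )
        {
            push @{ $created{$req} }, $1;
        }
    }
    return \%created;
}

# Pull the session id out of a Set-Cookie value; the cookie name varies by app.
sub cookie_session_id {
    my ($header) = @_;
    return $header =~ /^[^=;\s]+=([0-9a-f]+)/ ? $1 : undef;
}

my $created = sessions_per_request(@log);
my $sent    = cookie_session_id($set_cookie);
for my $req ( sort { $a <=> $b } keys %$created ) {
    my @ids = @{ $created->{$req} };
    printf "request %d: %d session(s) created\n", $req, scalar @ids;
    next if @ids < 2;
    # Assumption: data was stored under the first id created in the request.
    printf "  MISMATCH: data stored under %s, cookie carries %s\n",
        $ids[0], $sent if defined $sent && $sent ne $ids[0];
}
```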



