[Catalyst] Duplicate session ids
mla
maurice.aubrey at gmail.com
Sat May 26 23:49:23 GMT 2007
mla wrote:
> Bill Moseley wrote:
>> On Sat, May 26, 2007 at 04:08:48PM -0400, Perrin Harkins wrote:
>>> On 5/26/07, Bill Moseley <moseley at hank.org> wrote:
>>>> Perhaps an easier way to show the problem with duplicate created
>>>> sessions would help.
>>> Do you mean duplicate or multiple? The session ID generation code in
>>> Catalyst::Plugin::Session does look like it could generate duplicates
>>> to me, but that would be rare and unpredictable.
>>
>> Ya, sorry. Multiple. It's generating one session id, storing values
>> under that ID, then creating a new session id and then sending that as
>> the cookie. So when the browser returns that cookie none of the
>> session data is there.
>
> I think I see what's happening.
Try changing Catalyst::Plugin::Session::finalize() to this:
sub finalize {
my $c = shift;
$c->NEXT::finalize(@_);
$c->finalize_session;
}
Just flipped the calls so it finalizes last. Seems to fix it.
I still think it might be a good idea to keep track of whether
the finalize has happened and raise an exception if it's used.
Maurice
More information about the Catalyst
mailing list