[Catalyst] Duplicate session ids

mla maurice.aubrey at gmail.com
Sat May 26 23:49:23 GMT 2007


mla wrote:
> Bill Moseley wrote:
>> On Sat, May 26, 2007 at 04:08:48PM -0400, Perrin Harkins wrote:
>>> On 5/26/07, Bill Moseley <moseley at hank.org> wrote:
>>>> Perhaps an easier way to show the problem with duplicate created
>>>> sessions would help.
>>> Do you mean duplicate or multiple?  The session ID generation code in
>>> Catalyst::Plugin::Session does look like it could generate duplicates
>>> to me, but that would be rare and unpredictable.
>>
>> Ya, sorry.  Multiple.  It's generating one session id, storing values
>> under that ID, then creating a new session id and then sending that as
>> the cookie.  So when the browser returns that cookie none of the
>> session data is there.
> 
> I think I see what's happening.

Try changing Catalyst::Plugin::Session::finalize() to this:

sub finalize {
     my $c = shift;

     # Run the rest of the finalize chain first ...
     $c->NEXT::finalize(@_);
     # ... and finalize the session last.
     $c->finalize_session;
}

Just flipped the calls so it finalizes last. Seems to fix it.

I still think it might be a good idea to keep track of whether
the finalize has happened and raise an exception if it's used.

Maurice
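
The guard suggested above (track whether finalize has happened and raise an exception on later use), as an added example that is not part of the original post and is not Catalyst::Plugin::Session code. ToySession, rest_of_finalize and run_request are hypothetical names, and the demo assumes that some later finalize step still touches the session.

```perl
use strict;
use warnings;

package ToySession;    # hypothetical toy class, not Catalyst::Plugin::Session

my $counter = 0;       # constructed stand-in for a real id generator

sub new {
    my $class = shift;
    return bless { id => undef, data => {}, finalized => 0 }, $class;
}

# Refuse any use once the session has been written out.
sub _assert_live {
    my ($self, $what) = @_;
    die "session used after finalize: $what\n" if $self->{finalized};
}

sub set {
    my ($self, $key, $value) = @_;
    $self->_assert_live("set($key)");
    $self->{id} //= 'sid' . ++$counter;    # id is created lazily on first use
    $self->{data}{$key} = $value;
}

# Persist the data under the current id and return that id as the cookie value.
sub finalize {
    my ($self, $store) = @_;
    $self->_assert_live('finalize');
    $store->{ $self->{id} } = { %{ $self->{data} } } if defined $self->{id};
    $self->{finalized} = 1;
    return $self->{id};
}

package main;

# Assumed for the demo: a later finalize step that still touches the session.
sub rest_of_finalize { my $s = shift; $s->set(last_seen => 'constructed-value') }

# Run the finalize steps in the given order; return the cookie or the error text.
sub run_request {
    my @steps = @_;
    my (%store, $cookie);
    my $s = ToySession->new;
    $s->set(user => 'alice');
    my $ok = eval {
        for my $step (@steps) {
            if ($step eq 'session') { $cookie = $s->finalize(\%store) }
            else                    { rest_of_finalize($s) }
        }
        1;
    };
    return $ok ? "cookie=$cookie keys=" . join(',', sort keys %{ $store{$cookie} }) : "error: $@";
}

print "session first: ", run_request('session', 'rest');
print "session last:  ", run_request('rest', 'session'), "\n";
```

With the session finalized first, the late write fails loudly instead of passing silently; with the session finalized last, the cookie id and the stored data agree.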


