[Catalyst] Session/Authentication/Authorization for legacy + Cat

Ashley Pond V apv at sedition.com
Wed Nov 21 00:13:28 GMT 2007

On Nov 20, 2007, at 2:29 PM, Matt S Trout wrote:
> On Tue, Nov 20, 2007 at 08:41:02PM -0000, Peter Edwards wrote:
>>> On Mon, Nov 19, 2007 at 11:03:24PM -0800, Ashley Pond V wrote:
>>> "Let Catalyst handle /login. Make legacy code get user out of  
>>> session.
>> That's a really good way so long as you can make the old app use a  
>> Catalyst
>> session handler.
> Which in his case is true since he's sharing the sessions via  
> CGI::Session.

I do think this is the way to go. Nice. I also think we have have  
mythology with popular culture, but that's OOOOOOT.

In my prototype I found a pretty annoying interface transparency  
issue though.
This is from an email I just sent the author of  

> C::P:Session::CGISession, puts the data under
>    our $SESSION_DATA_PARAMETER_NAME = '_catalyst_session';
> for cross-compat with other Session hooks, but it hides it from
> the legacy store which is in the same level under _DATA. So the
> Cat manipulated session info is under
>     $session->param("_catalyst_session")
> for the legacy code and the Cat code has no access to anything the
> legacy code sets in the session.
> # some data trimmed out for brevity
> '_DATA' => {
>              'rand_set_in_legacy' => '6.3108406432821',
>              '_catalyst_session' => {
>                                      'rand_set_in_cat' =>  
> '16.4781763075979',
>                                      },
>              '_SESSION_ID' => 'f15b8a17d0fc00a43601226837afd5e8',
>            }
> So, this makes it pretty tricky to mix the two. I'd like to have  
> the Cat::Plugin work at the same level as the vanilla CGI::Session;  
> the "_DATA" store for all top level params. Of course for  
> compatibility with other Cat stuff, the "_catalyst_session" would  
> still work, it would just be a reference to the "_DATA."

So I have a patch, I think, which makes it work on the same internal
data hash for both the Cat and vanilla versions so they can use the
same session transparently. I've offered it to the author, if he
thinks it's a good change.

On unrelated and deeply buried points I would also like to add for the
record (again), that I never start a new thread by replying to an
old message even though the list threads make it look that way.
Mail.app is either doing something squirrelly or my mail host is.

Also the (this archive seems to be stuck in September:
This one is up to date:


More information about the Catalyst mailing list