[Catalyst] C::P::Session::Store::DBIC vs. change_session_id

Tamás Eisenberger tamas at eisenberger.hu
Fri Oct 22 10:45:32 GMT 2010


Hi!

I use $c->change_session_id in my login controller, and it worked great
until I switched from FastMmap to DBIC as my session storage.

Then it gave me the following error every second time the login
controller was called:
[error] Caught exception in engine
"DBIx::Class::Relationship::CascadeActions::update(): Can't update
iwstudio::cms2::Model::Cms2DBIC::Sessions=HASH(0xbe805a8): row not found at
/usr/local/share/perl/5.10.1/Catalyst/Plugin/Session/Store/DBIC/Delegate.pm
line 124"

Some cases:
No session cookie, hit login, WORKS, hit login again, ERROR
Session cookie logged out, hit login, ERROR, hit login again, WORKS
Session cookie logged in, hit login, ERROR, hit login again, WORKS

I noticed that requests that are not for login or logout don't do anything
with sessions (if there was no session, none is created), because my page
still doesn't do anything but log in the user.

So another case:
Create session cookie with the logout controller (no login attempt), hit
login, ERROR, hit login again, WORKS

If I remove change_session_id everything's fine.

So it seems that change_session_id
garbages the session if it exists and then dies with an error;
then subsequent requests get an invalid session id cookie, so they behave as
if there were no existing session, and work fine.

The problem exists with SQLite and Pg too.

Loaded related modules:
Catalyst::Plugin::Session (0.31)
Catalyst::Plugin::Session::State ()
Catalyst::Plugin::Session::State::Cookie (0.17)
Catalyst::Plugin::Session::Store ()
Catalyst::Plugin::Session::Store::DBIC (0.11)
Catalyst::Plugin::Session::Store::DBIC::Delegate ()
Catalyst::Plugin::Session::Store::Delegate (0.06)
DBIx::Class (0.08123)

The login controller:
sub login : Chained('lang') Args(0) {
    my ( $self, $c ) = @_;

    if ($c->request->parameters->{'username'}) {
        $c->logout();
        $c->session->{admin} = undef; # reset admin's session data
        $c->change_session_id();
        $c->authenticate($c->request->parameters);
        $c->stash->{done} = $c->user_exists() && $c->user->active;
        unless ($c->stash->{done}) {
            $c->stash->{message} = 'Invalid username or password';
            $c->stash->{message} = 'You need to activate your account before you can use it!'
                if $c->user_exists();
        }
        if ($c->request->header('x-requested-with') eq 'XMLHttpRequest') {
            $c->forward('View::JSON');
        } else {
            $c->flash->{login_done} = $c->stash->{done};
            $c->flash->{message} = $c->stash->{message};

            $c->response->redirect($c->uri_for($c->controller('Root')->action_for('index')))
                if $c->stash->{done};
        }
    }
}

Thanks!
Eisenberger Tamás