Hi David, hi Dancer users, as talked in mid of December on irc.perl.org/#dancer I had some trouble with Dancer::Session::Cookie and the cookie path.
I used 'session_cookie_path' set to a restricted area of a dancer app (requirement - don't ask), but on some circumstances the path was used or not. Later I figured out that Dancer::Session forces cookie rewrite using Dancer::Session::Abstract->write_session_id and when a session key/value was updated, Dancer::Session::Cookie->flush uses it's own cookie update mechanism. First I added the ability of restricting session cookie path to Dancer::Session::Abstract (and fix some function calls into methods). Then I forgot to install the fix and search for some hours the test failure in upated Dancer::Session::Cookie. This mail includes the patches for Dancer itself - follow up mail includes the patch for Dancer-Session-Cookie dist. Would be great if you could review and/or apply or find someone who could. Thanks in advance, Jens PS: Happy New Year, everyone!
>From 13be47e3be8e0fabb7124165042c3fc6adbd1a19 Mon Sep 17 00:00:00 2001 From: Jens Rehsack <[email protected]> Date: Thu, 27 Dec 2012 16:11:43 +0100 Subject: [PATCH 1/2] add ability to modify session path (restrict session to a sub-site) --- lib/Dancer/Session/Abstract.pm | 1 + t/08_session/15_session_path.t | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 t/08_session/15_session_path.t diff --git a/lib/Dancer/Session/Abstract.pm b/lib/Dancer/Session/Abstract.pm index e986780..319e601 100644 --- a/lib/Dancer/Session/Abstract.pm +++ b/lib/Dancer/Session/Abstract.pm @@ -93,6 +93,7 @@ sub write_session_id { value => $id, domain => setting('session_domain'), secure => setting('session_secure'), + path => setting('session_path'), http_only => defined(setting("session_is_http_only")) ? setting("session_is_http_only") : 1, ); diff --git a/t/08_session/15_session_path.t b/t/08_session/15_session_path.t new file mode 100644 index 0000000..eb7885f --- /dev/null +++ b/t/08_session/15_session_path.t @@ -0,0 +1,34 @@ +#!/usr/bin/env perl + +use strict; +use warnings; + +use Dancer ':syntax', ':tests'; +use Dancer::Session::Simple; +use Test::More tests => 2; + + +my $Session_Name = Dancer::Session::Simple->session_name; + +note "session_domain off"; { + set session => "simple"; + session foo => "bar"; + + my $session_cookie = Dancer::Cookies->cookies->{ $Session_Name }; + is $session_cookie->path => "/"; +} + + +note "session_domain on"; { + delete Dancer::Cookies->cookies->{ $Session_Name }; + + my $test_path = '/test/app'; + + set session => "simple"; + set session_path => $test_path; + + session up => "down"; + + my $session_cookie = Dancer::Cookies->cookies->{ $Session_Name }; + is $session_cookie->path => $test_path; +} -- 1.7.10.2 (Apple Git-33)
>From ef81cc5c9562356c340320076f00486d3ea927c3 Mon Sep 17 00:00:00 2001 From: Jens Rehsack <[email protected]> Date: Thu, 27 Dec 2012 16:58:20 +0100 Subject: [PATCH 2/2] use methods, not package functions --- lib/Dancer/Session/Abstract.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Dancer/Session/Abstract.pm b/lib/Dancer/Session/Abstract.pm index 319e601..5e27ada 100644 --- a/lib/Dancer/Session/Abstract.pm +++ b/lib/Dancer/Session/Abstract.pm @@ -48,7 +48,7 @@ sub reset { # that the session ID is still generated. sub init { my ($self) = @_; - $self->id(build_id()); + $self->id($self->build_id()); } # this method can be overwritten in any Dancer::Session::* module @@ -87,7 +87,7 @@ sub read_session_id { sub write_session_id { my ($class, $id) = @_; - my $name = session_name(); + my $name = $class->session_name(); my %cookie = ( name => $name, value => $id, -- 1.7.10.2 (Apple Git-33)
_______________________________________________ dancer-users mailing list [email protected] http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
