I'm running a web application under Apache::Register and mod_perl 1 --
using CGI::Application, Class::DBI and Template Toolkit.
I have a question on package globals. My expectation is that each
instance of the Apache intrepeter will have its own copy of the package
globals.
I.e. in any given thread I can assign to a package variable and have it
be unchanged for the remainder of the request. However I'm seeing weird
behavior that could be explained by the value changing.
I am extracting the currently logged in user from an encoded cookie in
my CGI::App code and setting a package variable value on every invocation:
package TestApp;
use base 'CGI::Application';
use vars qw( $user );
sub cgiapp_prerun
{
my $self = shift;
my $runmode = shift;
$user = $self->query->cookie('user');
...
I want to keep the currently logged in user as a global because I have
Template toolkit callbacks to the Class::DBI object and they perform
authorization checks (e.g. an employee's ssn should not be visible to
other users):
package Employee;
use base 'Class::DBI::mysql';
__PACKAGE__->set_db('Main', "dbi:mysql:test", $dbacct, $dbpw);
__PACKAGE__->set_up_table('employee');
sub ssn
{
my $self = shift;
return $self->name eq $TestApp::user ? $self->get('ssn') : "Private";
}
My users have seen instances where they see the private info of other
users, as if the package var $user had been set to something other than
themself.
I would expect $user to remain unchanged, even if another user hit the
website simultaneously -- their access would set $user of another thread.
Or am I missing something big (would the different apache children share
package globals???)
If my understanding is correct, then I've got a bug elsewhere in my
code. I'm in the progress of migrating to modperl 2/Apache 2, so
comments on the same scenario in MP2 are of interest too...
Thanks,
--Mike Carlton
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
