On Aug 30, 2006, at 4:03 PM, Perrin Harkins wrote:
my $session_cookie = "SESSION_ID=$session{_session_id};";
$r->header_out("Set-Cookie" => $session_cookie);
Does that even create a valid cookie?
Cookies have expiration dates , paths, and domains
$cookie = $ r->header_in('Cookie');
$ cookie =~ s/SESSION_ID=(\w*)/$1/;
And that's where it dies on you? Have you checked the value of
$cookie
inside that eval? Maybe it isn't what you think it is.
you can have an arrray of cookies with the same name.
this is from my own library, which does extensive session management.
it might confuse you, but at the same time maybe it'll help you a bit:
as background:
$self is per-request context object with some refs to ApacheRequest
and some other variables.
most objects in my app are given this ctx object,
CookieDefaults is a constant in the context object (or subclass)
that has all of the configuration options
ApacheSessionStore is a constant in the context object (or subclass)
that names the Apache::Session backend
ApacheSessionOptions is a hashref with the options
ApacheSessionOptions{ ApacheSessionStore }= { options }
to set a cookie, i call __cookie__session__set
to pull the session info, i divine the session id
in this case __divine_session_id__cookie
__divine_session_id__cookie reads in all of the cookies, looks for
the session ( named in cookie defaults ), and if it finds one,
validates it ( checks for length, then tries to tie it )
--------
sub __cookie__session__set {
my ( $self )= @_;
$self->__cookie_baker(
$self->CookieDefaults->{'names'}{'Session'},
$self->{'__SESSION'}{_session_id},
$self->CookieDefaults->{'expires'},
$self->CookieDefaults->{'secure'}
);
}
sub __divine_session_id__cookie
{
my ( $self )= @_;
my $sessionID;
# Read In All The Cookies We Can
eval {
my $cookiejar= Apache2::Cookie::Jar->new(
$self->{'ApacheRequest'} );
if ( $cookiejar->cookies( $self->CookieDefaults->{'names'}
{'Session'} ) ) {
my %c_cookies= Apache2::Cookie->fetch(
$self->{'ApacheRequest'} );
my $c_value= $c_cookies{ $self->CookieDefaults->{'names'}
{'Session'} }->value;
$sessionID= $self->__session__validate( $c_value );
}
};
if ( $@ ) {
print STDERR "\nERROR - can not parse cookie";
}
return $sessionID;
}
sub __cookie_baker
{
my ( $self , $name , $value , $expiry , $secure )= @_;
foreach my $domain (@{$self->CookieDefaults->{'domain'}}) {
my $cookie= Apache2::Cookie->new(
$self->{'ApacheRequestRec'},
-name => $name ,
-value => $value ,
-expires => $expiry ,
-secure => $secure ,
);
$cookie->path( $self->CookieDefaults->{'path'} );
$cookie->domain( $domain );
$self->{'ApacheRequestRec'}->err_headers_out->add('Set-Cookie'=>
$cookie);
}
}
sub __session__validate {
my ( $self , $sessionID )= @_;
# If not 32 chars long, kill it
if ( length($sessionID) != 32 ) {
$sessionID= undef;
}
if ( $sessionID ) {
$sessionID= $self->__session__tie( $sessionID );
}
return $sessionID;
}
sub __session__tie {
my ( $self , $sessionID )= @_;
my $error;
my %session;
my $store= $self->ApacheSessionStore ;
my $options= $self->ApacheSessionOptions->{ $store };
# this is a block not an eval, because we want to use error codes
{
no strict 'refs'; # this gets by the generate a new id stuff
if ( $store eq 'File' ) {
eval { tie %session , 'Apache::Session::File', $sessionID,
$options } ;
if ( $@ ) {
$error= 1;
$sessionID= undef;
}
}
else {
# unsupported mode in ApacheSessionStore
$error= 1;
$sessionID= undef;
}
}
if ( $error ) {
return 0;
}
$self->{'__SESSION'}= \%session;
return $self->{'__SESSION'}{_session_id};
}
// Jonathan Vanasco
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
