Re: Magic number checking on storable error with Apache::Session::MySQL

2003-07-10 Thread Stas Bekman 
Dan McCormick wrote:
Hi,

I'm running a site with Apache, MySQL, Mason, and
Apache::Session::MySQL.  I've been sporadically seeing this message in
my error log:
[Wed Jul  9 20:41:42 2003] [error] Magic number checking on storable
string failed at blib/lib/Storable.pm (autosplit into
blib/lib/auto/Storable/thaw.al) line 364, at
/usr/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.pm line
27
Can anyone provide any clues as to why this might be happening?  Is it
implying the db data is corrupt?
probably most likely unrelated to mod_perl, the error normally happens when 
you upgrade Storable and you try to read files that were created with older 
Storable version. perl users list/newsgroups is probably more appropriate for 
this issue.

FYI, a cronjob deletes sessions that are more than 30 minutes old, but
creating a session and then manually deleting it did not reproduce this
error.
Software specs:
Apache 1.3.27
mod_perl 1.27
Apache::Session 1.54
MySQL 4.0.13
Thanks,
Dan


--

__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-26 Thread md 

--- Perrin Harkins [EMAIL PROTECTED] wrote:
 
 If you look at the actual contents of
 Apache::Session::MySQL, you'll see 
 that it's essentially just a config file.  There's
 no need to be 
 concerned about using Flex, but you could easilly
 code up your own 
 Apache::Session::MySQLNoLocks by changing a line in
 the current module.

Is it possible to have row-level locking (as opposed
to table-level or null locker) with MySQL 4.x and
Apache::Session?

--
md

__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

Re: Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-26 Thread md 

--- md [EMAIL PROTECTED] wrote:
 
 Is it possible to have row-level locking (as opposed
 to table-level or null locker) with MySQL 4.x and
 Apache::Session?

Looks like I get that with InnoDB automatically...

__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

Re: Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-26 Thread Perrin Harkins 
md wrote:
--- md [EMAIL PROTECTED] wrote:
Is it possible to have row-level locking (as opposed
to table-level or null locker) with MySQL 4.x and
Apache::Session?
You effectively have that already, since the MySQL locker only locks an 
individual session.  Check the code.

Looks like I get that with InnoDB automatically...
You can use actual transactions there.  Try starting with the 
Apache::Session::Store::Postgres module and hacking it a bit.  There is 
no module available that was designed for use with Innodb MySQL tables.

- Perrin

Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-25 Thread md 
We're using Apache::Session::MySQL (Apache::Session
1.54) and occassionaly see long lock times. 

Also, we'll soon be adding a substantial number of
users to our system and I wonder if it would be wise
to move away from the table locking that is currently
being used with Apache::Session::MySQL.

I'm looking at Apache::Session::Flex and setting
Lock='Null'...however, I get the impression from an
old email (see below) that Flex is for debugging only.


First, any benchmarks on what kind of load I can
realistically use with Apache::Session::MySQL? Is
moving to Apache::Session::Flex a good choice (and
then we could also change the session table to
INNODB), or should I create my own
Apache::Session::MySQL-type module by changing Lock =
'Null'?

I didn't see much discussion on this in the archives,
so if it is there, please point me to the thread...

Thanks...
--
 On Thu, 11 Oct 2001, Jeffrey W. Baker wrote:

Regarding Flex, nobody uses it.  It is for debugging.
 If you have a
particular variant of Flex that you use all the time
(very likely), you
can code up a 6-line module to make a real
implementation like all the
other session modules.

Flex is for debugging, period.



__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

Re: Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-25 Thread Cory 'G' Watson 
On Tuesday, February 25, 2003, at 11:55  AM, md wrote:

We're using Apache::Session::MySQL (Apache::Session
1.54) and occassionaly see long lock times.
I had a similar problem a few months ago with 
Apache::Session::Postgres.  I occasionally had Apache processes hang, 
and a quick ps aux shows a stalled query on the sessions table.  I 
ended up dropping it for Apache::Session::File.
I'm looking at Apache::Session::Flex and setting
Lock='Null'...however, I get the impression from an
old email (see below) that Flex is for debugging only.
I've not seen the problems since I switched to Apache::Session::File, 
but I would much prefer using the Postgres module, as it complicates my 
user's installation.

Could the MySQL and Pg implementations have the same problem?

Cory 'G' Watson
http://gcdb.spleck.net

Re: Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-25 Thread Perrin Harkins 
md wrote:
Also, we'll soon be adding a substantial number of
users to our system and I wonder if it would be wise
to move away from the table locking that is currently
being used with Apache::Session::MySQL.
It would be.  Frankly, there is no value to the kind of mutual exclusion 
that the Apache::Session locking provides in a typical web application. 
 If you use the null locker you will still get atomic updates, but you 
will have the possibility of someone opening up two browser windows, 
hitting submit in both, and having the last save overwrite the values 
from the first one, possibly losing some changes.  In most web apps, 
that is not a big problem.

Note that this could become a problem if you use sessions incorrectly by 
putting tons of data in them.  Most of your data should have its own 
normalized tables and persistence code.  Sessions are for storing tiny 
little bits of data like the user's ID or some form data that from a 
multi-page form that hasn't been committed yet.

I'm looking at Apache::Session::Flex and setting
Lock='Null'...however, I get the impression from an
old email (see below) that Flex is for debugging only.
If you look at the actual contents of Apache::Session::MySQL, you'll see 
that it's essentially just a config file.  There's no need to be 
concerned about using Flex, but you could easilly code up your own 
Apache::Session::MySQLNoLocks by changing a line in the current module.

First, any benchmarks on what kind of load I can
realistically use with Apache::Session::MySQL?
It all depends on how much data you put in (lots of data in the session 
will slow things down) and how fast your database is.  At eToys we used 
a slightly hacked version of Apache::Session::DBI with Oracle and it 
handled more traffic than most sites will ever see.

- Perrin

Re: Table/row locking with Apache::Session::Mysql /Apache::Session::Flex

2003-02-25 Thread md 

--- Perrin Harkins [EMAIL PROTECTED] wrote:

 It would be.  Frankly, there is no value to the kind
 of mutual exclusion 
 that the Apache::Session locking provides in a
 typical web application. 
   If you use the null locker you will still get
 atomic updates, but you 
 will have the possibility of someone opening up two
 browser windows, 
 hitting submit in both, and having the last save
 overwrite the values 
 from the first one, possibly losing some changes. 
 In most web apps, 
 that is not a big problem.

We talked about this, but in our case, I don't believe
this will be an issue.

 Note that this could become a problem if you use
 sessions incorrectly by 
 putting tons of data in them.  Most of your data
 should have its own 
 normalized tables and persistence code.  Sessions
 are for storing tiny 
 little bits of data like the user's ID or some form
 data that from a 
 multi-page form that hasn't been committed yet.

We put almost nothing in the session other than the
user id. There are three apps sharing the same session
table, and I believe one app may put two or three
other things other than the user id (like current page
id and affiliate id...both which I should be able to
remove someday:)...but never-the-less, very little
data in the session. I've gotten most of my sessioning
information from this list (and you), so I believe we
are session correctly :)
 
 If you look at the actual contents of
 Apache::Session::MySQL, you'll see 
 that it's essentially just a config file.  There's
 no need to be 
 concerned about using Flex, but you could easilly
 code up your own 
 Apache::Session::MySQLNoLocks by changing a line in
 the current module.

That's what I figured and that's what I'm going to do.

Thanks again,
--
md

__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

Apache::Session::MySQL

2002-12-28 Thread Richard 



Is this the correct list for help with 
Apache::Session::MySQL?

Thanks,
Richard.

Re: Apache::Session::MySQL

2002-12-28 Thread perrin 
 Is this the correct list for help with Apache::Session::MySQL?

This is a good list for it if you are using mod_perl.  If you're using
CGI, try one of the CGI resources instead, or stick with perlmonks.org.  I
just replied to your post there a few minutes ago.
- Perrin

Re: Apache::Session::MySQL

2002-12-28 Thread Richard 
Ah. ok. I don't use Mod_Perl, I hear it is a big security risk, since it
runs as root. Is this true? I love how much faster it is, it's not that much
faster, but enough to make me upgrade all my boxes if it is not a security
risk.

What do you think?
Thanks,
Richard.

(I'll go see your reply in a min. Thank you!)


- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, December 28, 2002 11:49 AM
Subject: Re: Apache::Session::MySQL


  Is this the correct list for help with Apache::Session::MySQL?

 This is a good list for it if you are using mod_perl.  If you're using
 CGI, try one of the CGI resources instead, or stick with perlmonks.org.  I
 just replied to your post there a few minutes ago.
 - Perrin

Re: Apache::Session::MySQL

2002-12-28 Thread perrin 
 Ah. ok. I don't use Mod_Perl, I hear it is a big security risk, since
 it runs as root. Is this true?

It's not true.  The parent process runs as root in order to open port 80,
but that's the same for CGI as well.  The child processes that actually
handle requests runs as whatever user you specify in httpd.conf (typically
nobody).
 I love how much faster it is, it's not
 that much faster, but enough to make me upgrade all my boxes if it is
 not a security risk.

If you have clean code (use strict and -w) that will run under mod_perl,
you should definitely take advantage of the speed increase.  Depending on
what you're doing, it can make a really huge difference in performance.
I do recommend that you fix your current Apache::Session problem first,
before thinking about converting to mod_perl.
- Perrin

Re: Apache::Session::MySQL

2002-12-28 Thread Richard 
So by user nobody, you mean in the httpd.conf file in the virtualhost tags
the user and group?

I have it set to user username and group username for each account, since
all of our boxes use SuExec.

So mod_perl is safe Ok. one other question. If I do upgrade to Mod_Perl,
can I still run regular Perl scripts, without using Mod_Perl, or do I have
to use one or the other, only.

Thank you,
Richard.

PS I just replied to the PerlMonks reply you did. Thank you.


- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, December 28, 2002 12:08 PM
Subject: Re: Apache::Session::MySQL


  Ah. ok. I don't use Mod_Perl, I hear it is a big security risk, since
  it runs as root. Is this true?

 It's not true.  The parent process runs as root in order to open port 80,
 but that's the same for CGI as well.  The child processes that actually
 handle requests runs as whatever user you specify in httpd.conf (typically
 nobody).
  I love how much faster it is, it's not
  that much faster, but enough to make me upgrade all my boxes if it is
  not a security risk.

 If you have clean code (use strict and -w) that will run under mod_perl,
 you should definitely take advantage of the speed increase.  Depending on
 what you're doing, it can make a really huge difference in performance.
 I do recommend that you fix your current Apache::Session problem first,
 before thinking about converting to mod_perl.
 - Perrin

Re: Apache::Session::MySQL

2002-12-28 Thread George Valpak 
At 01:25 PM 12/28/2002 -0600, Richard wrote:
So mod_perl is safe Ok. one other question. If I do upgrade to Mod_Perl,
can I still run regular Perl scripts, without using Mod_Perl, or do I have
to use one or the other, only.


Richard,

Yes,you can still run regular cgi, as with MP you have to explicitly tell (via 
directives in httpd.conf) which files to process using MP handlers.

My guess is if you are going to convert cgi scripts to run under MP, you are going to 
be iinterested in Apache::Registry.

There is probably a ton of good info on apache.org and elsewhere about how to do this 
exactly.

GV

Re: Apache::Session::MySQL

2002-12-28 Thread Perrin Harkins 
 So by user nobody, you mean in the httpd.conf file in the virtualhost
 tags the user and group?

 I have it set to user username and group username for each account,
 since all of our boxes use SuExec.

Okay, that may be an issue because SuExec does not work with mod_perl. 
Each apache daemon can only run mod_perl processes as a single user, but
that user can be any user you choose.  You would never set them to run as
root, because that would be a security problem.
 So mod_perl is safe Ok. one other question. If I do upgrade to
 Mod_Perl, can I still run regular Perl scripts

Yes, and you should still be able to run them with SuExec.  As George
said, there is quite a bit documentation on the perl.apache.org site that
may help you.
- Perrin

Re: Apache::Session::MySQL

2002-12-28 Thread Richard 
Great, thank you guys!
I am trying to first fix my Apache::Session problem before I open
a whole new bag of candy :o)

Thank you very much for your input, I am grateful!

Richard.



- Original Message - 
From: Perrin Harkins [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, December 28, 2002 2:32 PM
Subject: Re: Apache::Session::MySQL


  So by user nobody, you mean in the httpd.conf file in the virtualhost
  tags the user and group?
 
  I have it set to user username and group username for each account,
  since all of our boxes use SuExec.
 
 Okay, that may be an issue because SuExec does not work with mod_perl. 
 Each apache daemon can only run mod_perl processes as a single user, but
 that user can be any user you choose.  You would never set them to run as
 root, because that would be a security problem.
  So mod_perl is safe Ok. one other question. If I do upgrade to
  Mod_Perl, can I still run regular Perl scripts
 
 Yes, and you should still be able to run them with SuExec.  As George
 said, there is quite a bit documentation on the perl.apache.org site that
 may help you.
 - Perrin

Re: Apache::Session::MySQL question regarding lenght of _session_id

2000-12-19 Thread Jeffrey W. Baker 

On Mon, 18 Dec 2000, Andreas Marienborg wrote:

 I just can't seem to find any info on how to specify that Apache::Session
 should create session_id's that are shorter than 32 hex chars? could
 someone point me in the right direction??

You can use the argument 'IDLength' when using
Apache::Session::Generate::MD5 (the default), or you can replace that
class with your own class to generate the IDs you desire.

See the obscure Apache::Session::Generate::MD5 perldoc.

-jwb

Apache::Session::MySQL question regarding lenght of _session_id

2000-12-18 Thread Andreas Marienborg 

I just can't seem to find any info on how to specify that Apache::Session
should create session_id's that are shorter than 32 hex chars? could
someone point me in the right direction??

thanks in advance

Andreas


-- 
Andreas Marienborg  +47 92 28 63 82
[EMAIL PROTECTED]   www.palle.net

Re: Apache::Session::MySQL question regarding lenght of _session_id

2000-12-18 Thread Aaron E. Ross 

at a time earlier than now, Andreas Marienborg wrote:
 I just can't seem to find any info on how to specify that Apache::Session
 should create session_id's that are shorter than 32 hex chars? could
 someone point me in the right direction??

 Just write a module to sub class Apache::Session. Apache::Session::MySQL is 
 remarkably simple.  Here it is:

package Apache::Session::MySQL;
 
use strict;
use vars qw(@ISA $VERSION);
 
$VERSION = '1.01';
@ISA = qw(Apache::Session);
 
use Apache::Session;
use Apache::Session::Lock::MySQL;
use Apache::Session::Store::MySQL;
use Apache::Session::Generate::MD5;
use Apache::Session::Serialize::Storable;
 
sub populate {
my $self = shift;
 
$self-{object_store} = new Apache::Session::Store::MySQL $self;
$self-{lock_manager} = new Apache::Session::Lock::MySQL $self;
$self-{generate} = \Apache::Session::Generate::MD5::generate;
$self-{validate} = \Apache::Session::Generate::MD5::validate;
$self-{serialize}= \Apache::Session::Serialize::Storable::serialize;
$self-{unserialize}  = \Apache::Session::Serialize::Storable::unserialize;
 
return $self;
}
 
1;

You can have any subroutine you want generate id's. Just change the two lines
where generate is set to Apache::Session::Generate::MD5::generate and validate
to Apache::Session::Generate::MD5::validate. For example:

package Apache::Session::MyOwnPackage;
 
use strict;
use vars qw(@ISA $VERSION);
 
$VERSION = '1.01';
@ISA = qw(Apache::Session);
 
use Apache::Session;
use Apache::Session::Lock::MySQL;
use Apache::Session::Store::MySQL;
use Apache::Session::Serialize::Storable;
 
sub populate {
my $self = shift;
 
$self-{object_store} = new Apache::Session::Store::MySQL $self;
$self-{lock_manager} = new Apache::Session::Lock::MySQL $self;
$self-{generate} = \generate;
$self-{validate} = \validate;
$self-{serialize}= \Apache::Session::Serialize::Storable::serialize;
$self-{unserialize}  = \Apache::Session::Serialize::Storable::unserialize;
 
return $self;
}

sub generate
{
# some code to generate ids
}

sub validate
{
# some code to validate ids
}
 
1;

Of course, you'll actually need to write some code to generate and validate
ids. :)

HTH, 
 Aaron
 
 
 thanks in advance
 
 Andreas
 
 
 -- 
 Andreas Marienborg+47 92 28 63 82
 [EMAIL PROTECTED] www.palle.net

-- 

---
 Caution! The beverage you are about to enjoy may be hot.

Re: Apache::Session::MySQL question regarding lenght of _session_id

2000-12-18 Thread Andreas Marienborg 

On Mon, 18 Dec 2000, Aaron E. Ross wrote:

 at a time earlier than now, Andreas Marienborg wrote:
  I just can't seem to find any info on how to specify that Apache::Session
  should create session_id's that are shorter than 32 hex chars? could
  someone point me in the right direction??

  Just write a module to sub class Apache::Session. Apache::Session::MySQL is
  remarkably simple.  Here it is:


Thanks for pointing this out..however, I found a better way I thought I'd
share with the list:

The Apache::Session::Generate::MD5 module actually checks if there is an
arg called 'IDLength' when it generates the ID...so I just had to add an
IDLength = 8 to my initial Session tie, and everything worked nicely from
there on :)

Thanks for pointing me in the right direction!


-- 
Andreas Marienborg  +47 92 28 63 82
[EMAIL PROTECTED]   www.palle.net

Apache::Session::MySQL problem

2000-07-20 Thread Tatsuhiko Miyagawa 

I'm using Apache::Session 1.51 + mysql 3.22.32 +
mod_perl 1.24 + Apache 1.3.11. They work well except
one problem.

The problem is, if an acquired Session ID (from Cookie)
is not stored in the session database, Apache goes like

 panic: POPSTACK
 Callback called exit.

I know Apache::Session will die "Object does not exist
in the data store" when it can't restore a session from
database. So my script catch that exception with eval
block. 

But panic will happen. why ?


httpd.conf -- 
Files ~ "\.cgi$"
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
#PerlInitHandler Apache::StatINC
#PerlSetVar StatINCDebug On
PerlModule Apache::DBI
/Files

sample.cgi --

use strict;
use Apache;
use Apache::Session::MySQL;
use CGI;
use CGI::Cookie;

my $q = new CGI;
my %session;

eval {
my $r = Apache-request;
my %cookie = CGI::Cookie-parse($r-header_in('Cookie'));
my $sid = $cookie{SID}-value;

tie %session, 'Apache::Session::MySQL', $sid, { 
DataSource  = "dbi:mysql(RaiseError=1):dbname",
UserName= "user",
Password= "passwd",
LockDataSource  = "dbi:mysql(RaiseError=1):dbname",
LockUserName= "user",
LockPassword= "passwd",
};
};

if ($@) {
print $q-header, $@;
}



Any helps?



+-+-+-+-+-+-+-+-+-+-+-
Tatsuhiko Miyagawa [EMAIL PROTECTED]

Re: Apache::Session::MySQL problem

2000-07-20 Thread Tatsuhiko Miyagawa 

Thu, 20 Jul 2000 14:29:40 -0700 (PDT)
"Jeffrey W. Baker" [EMAIL PROTECTED] wrote:

  The problem is, if an acquired Session ID (from Cookie)
  is not stored in the session database, Apache goes like
  
   panic: POPSTACK
   Callback called exit.
  
  I know Apache::Session will die "Object does not exist
  in the data store" when it can't restore a session from
  database. So my script catch that exception with eval
  block. 
  
  But panic will happen. why ?
 
 Bug in Perl.  Upgrade.


my perl version is 5.005_03 with FreeBSD 4.0.
shoud I update this to perl 5.6.0 ??



+-+-+-+-+-+-+-+-+-+-
Tatsuhiko Miyagawa [EMAIL PROTECTED]