Apache::Session problems
Title: Apache::Session problems Hello, I am trying to use Apache::Session to store http session information. The version number of Apache::Session is 1.54. It is running on Apache/1.3.20 (Unix) mod_perl/1.26 configured. I am using the TicketTool from the o'reilly book, I make a tie as follows in TicketTool.pm my (%session, $cookie); tie %session, 'Apache::Session::MySQL', $cookie, { DataSource = 'dbi:mysql:ETNA', UserName = 'user', Password = '', LockDataSource = 'dbi:mysql:ETNA', LockUserName = 'user', LockPassword = '' }; In an other handler I am trying to recreate the session tie %session, 'Apache::Session::MySQL', $session_id, { Handle = $dbh, LockHandle = $dbh }; $dbh contains a handle to a MySQL database I also tried it with: tie %session, 'Apache::Session::MySQL', $session_id, { DataSource = 'dbi:mysql:ETNA', UserName = 'user', Password = '***', LockDataSource = 'dbi:mysql:ETNA', LockUserName = 'user', LockPassword = '***' }; Both methods resolve to the same error: [Thu Feb 28 11:46:39 2002] [error] Storable binary image v24.48 more recent than I am (v2.4) at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/thaw.al) line 351, at /usr/local/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.pm line 27 Does anybody knows a sollution to this problem, as far as I can see, all Apache::Session modules are up to date. Met vriendelijke groet / With kind regards, Domien Bakker Application Developer Application development Operations and Engineering ZeelandNet BV Postbus 35 4493 ZG Kamperland The Netherlands tel. +31 (0)113 377733 fax +31 (0)113 377784 domien@staff.zeelandnet.nl http://www.zeelandnet.nl/
Re: Apache::Session problems
On Thu, 2002-02-28 at 06:16, Domien Bakker wrote: Hello, I am trying to use Apache::Session to store http session information. The version number of Apache::Session is 1.54. It is running on Apache/1.3.20 (Unix) mod_perl/1.26 configured. ... Both methods resolve to the same error: [Thu Feb 28 11:46:39 2002] [error] Storable binary image v24.48 more recent than I am (v2.4) at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/thaw.al) line 351, at /usr/local/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.p m line 27 Does anybody knows a sollution to this problem, as far as I can see, all Apache::Session modules are up to date. This sounds like someone with a more recent version of Storable in their private lib has been testing sessions or something, since there's a mismatch of what is in the database versus the module trying to read the data. Be sure you've got the latest version of Storable installed. Chris -- Chris Winters ([EMAIL PROTECTED]) Building enterprise-capable snack solutions since 1988.
Re: Apache::Session problems
CW == Chris Winters [EMAIL PROTECTED] writes: On Thu, 2002-02-28 at 06:16, Domien Bakker wrote: [Thu Feb 28 11:46:39 2002] [error] Storable binary image v24.48 more recent than I am (v2.4) at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/thaw.al) line 351, at /usr/local/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.p m line 27 CW This sounds like someone with a more recent version of Storable CW in their private lib has been testing sessions or something, CW since there's a mismatch of what is in the database versus the CW module trying to read the data. Be sure you've got the latest CW version of Storable installed. I had a very similar problem, claiming that the data was serialised using version 50.xx; I think it indicates that the serialised data is somehow corrupt. I think I saw it because I had frozen a scalar that was not a reference, but I could be mistaken. But it is not a version problem, it just looks like one ;) Anway, after fixing some other bugs, blowing away the stored items and re-starting, the problem vanished. Good luck, - Adam
Apache::Session problems, film at 11:00 ...
All: I'm getting very odd behavior out of Apache::Session, with serious problems using both the MySQL and File variants. Yes, I know I've come here with this problem before. Sigh. I even fixed it, although it was one of those things where I didn't quite know why it started working. Anyway, it stopped working about a week ago, and, as usual, I have no clue. Hence this plea for help: With Apache::Session::File, this code creates a new session id with every request. The lock file for each session remains in the lock directory. I ran a 'chmod -R 777 dirname' on both the session store and lock directories. With Apache::Session::MySQL, this code behaves more normally: it reuses the session id, the way [I believe] it should, except $session{state} never seems to make it into the database. I say that because I look at the contents of the sessions table between transactions, and it looks like this: mysql select * from sessions; +--+---+ | id | a_session | +--+---+ | 4def39f4e8144aede90532951232c040 | | +--+---+ 1 row in set (0.00 sec) I did make sure that the right privileges existed for the database user accessing the sessions table. I tried uninstalling Apache::Session ('rm -rf /usr/local/lib/perl5/site_perl/5.6.0/Apache/Session*'), and reinstalled it using CPAN, on the theory that I may have diddled it while checking out its code. But that didn't help. Here's the (relevant) code, with short, annotated, log extract following: ## ## Physemp::Search ## package Physemp::Search; use strict; use Apache; use Apache::Request; use Apache::Constants qw( :common ); use CGI::Cookie; use Apache::Session::MySQL; use DBI; use Data::Dumper; my (%states, %_CACHE); sub handler ($$) { my ($class, $q) = @_; my $self = $class-new(my $r = Apache::Request-new($q)); my $html = ''; $self-get_session($r); my $coderef = $self-{make}-{$self-frame}-{$self-page}-{$self-command} || \unimplemented; $html = $self-$coderef($r); $r-content_type('text/html'); $self-put_or_del_session($r); $r-send_http_header; print $html; return OK; } sub get_session { my ($self, $r) = @_; my %session; my $cookie_str = $r-header_in('Cookie'); my %cookies = $cookie_str eq '' ? ( ) : CGI::Cookie-parse($cookie_str); if (exists $cookies{SessionID}) { (my $session_id = $cookies{SessionID}-value) =~ s/([0-9a-f]+)/$1/; eval { tie %session, $self-{tieclass}, $session_id, $self-{tieattrs}; }; if ($@) { $r-log_error($@); $r-log_error(get_session: No session data found.); $self-{state} = { }; $self-{session_id} = ''; } else { $r-log_error(get_session: Session data found.); $r-log_error(get_session: \$session{state} is \n, Dumper $session{state}); $session{state} = { account = {} } unless exists $session{state}; $self-{session_id} = $session{_session_id}; $self-{state} = $session{state}; } undef %session; } else { $r-log_error(get_session: No Session ID cookie.); $self-{state} = { }; $self-{session_id} = ''; } $r-log_error(get_session: Session ID is '$self-{session_id}'.); $r-log_error(get_session: State is \n, Dumper $self-{state}); } sub put_or_del_session { my ($self, $r) = @_; my (%session, $cookie); if ($self-command eq 'make' or $self-page eq 'action') { eval { tie %session, $self-{tieclass}, ($self-{session_id} eq '' ? undef : $self-{session_id}), $self-{tieattrs}; }; if ($@) { $r-log_error(put_or_del_session: $@); eval { tie %session, $self-{tieclass}, undef, $self-{tieattrs}; }; if ($@) { $r-log_error(put_or_del_session: $@); return; # WTH, we can't do any good here } } if ($self-command eq 'logout') { $r-log_error(put_or_del_session: deleting session.); $cookie = CGI::Cookie-new( -name= 'SessionID', -path= $self-{uri}, -domain = '.physemp.com', -expires = '-10m', -value = '' ); tied(%session)-delete; } else { $r-log_error(put_or_del_session: updating session.); $session{state} = $self-{state}; $session{changes}++; $r-log_error(put_or_del_session: Session ID is '$session{_session_id}'.); $r-log_error(put_or_del_session: State is \n, Dumper $session{state}); $cookie = CGI::Cookie-new( -name= 'SessionID',
Re: Apache::Session problems
Cees Hek wrote: On Mon, 26 Mar 2001, Christopher L. Everett,,, wrote: Apache::Session::MySQL won't save session state. Apache::Session::File returns the following error: Insecure dependency in open while running with -T switch at /usr/local/lib/perl5/site_perl/5.6.0/Apache/Session/Lock/File.pm line 40. Well, line 40 of Apache/Session/Lock/File.pm contains the following bit of code: open($fh,"+".$LockDirectory."/Apache-Session-".$session-{data}-{_session_id}.".lock") || die $!;D So perl is telling you that one of the variables being used in the open command is Tainted (you are running perl in Taint mode with the -T switch turned on). I'm guessing it is probably $session-{data}-{_session_id}, which is really just the $session_id variable that you pulled out of a Cookie in your code below (and cookies are automatically tainted since it comes from the user). You will have to untaint the $session_id variable before you pass it to Apache::Session, and this error message should go away. See the perl manpages on how to untaint variables... Aargh! struck by the blindingly obvious again. I have got to stop posting in the early morning ... I also figured out the next day why Apache::Session::MySQL didn't work right, when I investigated the nature of tied variables a little more closely. undef'ing the variable at the end of get_session and re-tying %session at the beginning of put_or_del_session, plus shuffling some code around in get_seesion pretty well solved that problem. Seemed to me you can't do something like: tie %session, 'Apache::Session::MySQL', undef, \%attrs; $self-{session} = %session; ant then later on do %session = $self-{session} --Christopher
Apache::Session problems
Apache::Session::MySQL won't save session state. Apache::Session::File returns the following error: Insecure dependency in open while running with -T switch at /usr/local/lib/perl5/site_perl/5.6.0/Apache/Session/Lock/File.pm line 40. here's the code in question: sub put_or_del_session { my ($self, $r, %session) = @_; if ($self-command eq 'logout') { tied{%session}-delete; my $cookie = Apache::Cookie-new( $r, -name= 'SessionID', -path= $self-{uri}, -domain = $self-{config}-{TicketServerName}, -expires = '-10m', -value = '' ); $cookie-bake; } elsif (($self-page eq 'frame' $self-command eq 'make') or $self-page eq 'action') { $session{state} = $self-{state}; $session{timestamp} = time; } $r-log_error("put_or_del_session: session_id is $self-{session_id}"); $r-log_error("put_or_del_session: state is " . Dumper $session{state}); undef %session; } sub get_session { my ($self, $r) = @_; my %session; my $cookie_str = $r-header_in('Cookie'); my %cookies = $cookie_str eq '' ? ( ) : Apache::Cookie-parse($cookie_str); if (exists $cookies{SessionID}) { my $session_id = $cookies{SessionID}-value; #tie %session, 'Apache::Session::MySQL', $session_id, #{ # DataSource = $self-{config}-{Session_DB}, # UserName = $self-{config}-{Search_DB_User}, # Password = $self-{config}-{Search_DB_Password}, # LockDataSource = $self-{config}-{Session_DB}, # LockUserName = $self-{config}-{Search_DB_User}, # LockPassword = $self-{config}-{Search_DB_Password}, #}; tie %session, 'Apache::Session::File', $session_id, { Directory = '/tmp/apache/session', LockDirectory = '/tmp/apache/session/lock' }; } else { #tie %session, 'Apache::Session::MySQL', undef, #{ # DataSource = $self-{config}-{Session_DB}, # UserName = $self-{config}-{Search_DB_User}, # Password = $self-{config}-{Search_DB_Password}, # LockDataSource = $self-{config}-{Session_DB}, # LockUserName = $self-{config}-{Search_DB_User}, # LockPassword = $self-{config}-{Search_DB_Password}, #}; tie %session, 'Apache::Session::File', undef, { Directory = '/tmp/apache/session', LockDirectory = '/tmp/apache/session/lock' }; $session{state} = { account = {}, command = '', step= '', order = {} }; my $cookie = Apache::Cookie-new( $r, -name= 'SessionID', -path= $self-{uri}, -domain = 'www.physemp.com', -value = $session{_session_id} ); $cookie-bake; } $self-{state} = $session{state}; $self-{session_id} = $session{_session_id}; $r-log_error("get_session: session_id is $self-{session_id}"); $r-log_error('get_session: $session{state} is ' . Dumper $session{state}); $r-log_error('get_session: $self-{state} is ' . Dumper $self-{state}); return %session; }
Re: Apache::Session problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 3:24 AM +1000 3/28/01, Cees Hek wrote: $session-{data}-{_session_id}, which is really just the $session_id variable that you pulled out of a Cookie in your code below (and cookies are automatically tainted since it comes from the user). You will have to untaint the $session_id variable before you pass it to Apache::Session, and this error message should go away. See the perl manpages on how to untaint variables... It looks to me like there's code in Session.pm that validates the session id to make sure it's safe. It seems to me that it would be appropriate for that code to untaint the data at that point. There are a lot of routines that use that variable for generating file names, and running perl -T with a web server is not a bad idea. - -- Kee Hinckley - Somewhere.Com, LLC - Cyberspace Architects Now Playing - Folk, Rock, odd stuff - http://www.somewhere.com/playlist.cgi I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQA/AwUBOsA2sSZsPfdw+r2CEQL4uwCfU85AJURfZ0TNFngN11DLQZcwcbQAoJJ+ 7Z/zsw0lOURKvcClTTAf82gF =veaU -END PGP SIGNATURE-