Apache::Session problems

2002-02-28 Thread Domien Bakker






Hello,


I am trying to use Apache::Session to store http session information. 

The version number of Apache::Session is 1.54. It is running on Apache/1.3.20 (Unix) mod_perl/1.26 configured.


I am using the TicketTool from the O'Reilly book, I make a tie as follows in TicketTool.pm

my (%session, $cookie);

tie %session, 'Apache::Session::MySQL', $cookie, {
    DataSource     => 'dbi:mysql:ETNA',
    UserName       => 'user',
    Password       => '',
    LockDataSource => 'dbi:mysql:ETNA',
    LockUserName   => 'user',
    LockPassword   => ''
};


In another handler I am trying to recreate the session


tie %session, 'Apache::Session::MySQL', $session_id, {
    Handle     => $dbh,
    LockHandle => $dbh
};

$dbh contains a handle to a MySQL database


I also tried it with:


tie %session, 'Apache::Session::MySQL', $session_id, {
    DataSource     => 'dbi:mysql:ETNA',
    UserName       => 'user',
    Password       => '***',
    LockDataSource => 'dbi:mysql:ETNA',
    LockUserName   => 'user',
    LockPassword   => '***'
};



Both methods resolve to the same error:


[Thu Feb 28 11:46:39 2002] [error] Storable binary image v24.48 more recent than I am (v2.4) at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/thaw.al) line 351, at /usr/local/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.pm line 27

Does anybody know a solution to this problem? As far as I can see, all Apache::Session modules are up to date.




Met vriendelijke groet / With kind regards,

Domien Bakker

Application Developer


Application development

Operations and Engineering

ZeelandNet BV


Postbus 35

4493 ZG Kamperland

The Netherlands

tel. +31 (0)113 377733

fax +31 (0)113 377784

domien@staff.zeelandnet.nl 

http://www.zeelandnet.nl/







Re: Apache::Session problems

2002-02-28 Thread Chris Winters

On Thu, 2002-02-28 at 06:16, Domien Bakker wrote:
> Hello,
>
> I am trying to use Apache::Session to store http session information.
> The version number of Apache::Session is 1.54. It is running on
> Apache/1.3.20 (Unix) mod_perl/1.26 configured.
> ...
> Both methods resolve to the same error:
>
> [Thu Feb 28 11:46:39 2002] [error] Storable binary image v24.48 more
> recent than I am (v2.4) at blib/lib/Storable.pm (autosplit into
> blib/lib/auto/Storable/thaw.al) line 351, at
> /usr/local/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.pm line 27
>
> Does anybody know a solution to this problem? As far as I can see, all
> Apache::Session modules are up to date.

This sounds like someone with a more recent version of Storable in their
private lib has been testing sessions or something, since there's a
mismatch of what is in the database versus the module trying to read the
data. Be sure you've got the latest version of Storable installed.

Chris
 
-- 
Chris Winters ([EMAIL PROTECTED])
Building enterprise-capable snack solutions since 1988.




Re: Apache::Session problems

2002-02-28 Thread Adam Worrall

CW == Chris Winters [EMAIL PROTECTED] writes:

> On Thu, 2002-02-28 at 06:16, Domien Bakker wrote:
>
> [Thu Feb 28 11:46:39 2002] [error] Storable binary image v24.48
> more recent than I am (v2.4) at blib/lib/Storable.pm (autosplit
> into blib/lib/auto/Storable/thaw.al) line 351, at
> /usr/local/lib/perl5/site_perl/5.6.1/Apache/Session/Serialize/Storable.pm line 27

CW> This sounds like someone with a more recent version of Storable
CW> in their private lib has been testing sessions or something,
CW> since there's a mismatch of what is in the database versus the
CW> module trying to read the data. Be sure you've got the latest
CW> version of Storable installed.

I had a very similar problem, claiming that the data was serialised
using version 50.xx; I think it indicates that the serialised data is
somehow corrupt. I think I saw it because I had frozen a scalar that was
not a reference, but I could be mistaken.

But it is not a version problem, it just looks like one ;)

Anyway, after fixing some other bugs, blowing away the stored items and
re-starting, the problem vanished.

Good luck,

 - Adam
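
Added example (not part of the thread): a sketch of how bytes that were never produced by Storable can trigger the "more recent than I am" message, using the two-byte header Storable places at the start of in-memory images. The helper names and the sample values are constructed for illustration.

```perl
use strict;
use warnings;
use Storable qw(freeze thaw);

# An in-memory Storable image (freeze/nfreeze) begins with two header bytes:
#   byte 0 = (major version << 1) | network-order flag
#   byte 1 = minor version
sub image_version {
    my ($bytes) = @_;
    return unless defined $bytes && length($bytes) >= 2;
    my ($b0, $b1) = unpack 'CC', $bytes;
    return { major => $b0 >> 1, netorder => $b0 & 1, minor => $b1 };
}

# The format version this Storable writes, read from a freshly frozen value.
my $MINE = image_version(freeze({}));

# Call thaw() only when the header's major version is one this Storable knows.
sub checked_thaw {
    my ($bytes) = @_;
    my $v = image_version($bytes) or return (undef, 'too short to be an image');
    return (undef, "header reads as v$v->{major}.$v->{minor}: not a Storable image")
        if $v->{major} > $MINE->{major};
    my $data = eval { thaw($bytes) };
    return defined $data ? ($data, 'ok') : (undef, "thaw failed: $@");
}

# Constructed sample column values (not taken from the thread's database).
my %rows = (
    frozen_hash => freeze({ state => { account => {} } }),
    plain_text  => '00 this text was stored without being frozen',
    empty       => '',
);

for my $name (sort keys %rows) {
    my ($data, $why) = checked_thaw($rows{$name});
    printf "%-12s %s\n", $name, $why;
}
```

The `plain_text` row starts with the ASCII characters "00" (byte value 48 twice), which this header layout decodes as v24.48, the same numbers as in the log line quoted above.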



Apache::Session problems, film at 11:00 ...

2001-04-29 Thread Christopher L. Everett

All:

I'm getting very odd behavior out of Apache::Session, with 
serious problems using both the MySQL and File variants.

Yes, I know I've come here with this problem before.  Sigh.
I even fixed it, although it was one of those things where I 
didn't quite know why it started working.  Anyway, it stopped
working about a week ago, and, as usual, I have no clue.  Hence
this plea for help:

With Apache::Session::File, this code creates a new session id
with every request.  The lock file for each session remains in
the lock directory.  I ran a 'chmod -R 777 dirname' on both
the session store and lock directories.

With Apache::Session::MySQL, this code behaves more normally:
it reuses the session id, the way [I believe] it should, except
$session{state} never seems to make it into the database.  I
say that because I look at the contents of the sessions table 
between transactions, and it looks like this:

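mysql> select * from sessions;
+----------------------------------+-----------+
| id                               | a_session |
+----------------------------------+-----------+
| 4def39f4e8144aede90532951232c040 |           |
+----------------------------------+-----------+
1 row in set (0.00 sec)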

I did make sure that the right privileges existed for the 
database user accessing the sessions table.

I tried uninstalling Apache::Session ('rm -rf 
/usr/local/lib/perl5/site_perl/5.6.0/Apache/Session*'),
and reinstalled it using CPAN, on the theory that I may have 
diddled it while checking out its code.  But that didn't help.

Here's the (relevant) code, with short, annotated, log extract 
following:

##
## Physemp::Search
##
package Physemp::Search;

use strict;

use Apache;
use Apache::Request;
use Apache::Constants qw( :common );
use CGI::Cookie;
use Apache::Session::MySQL;
use DBI;
use Data::Dumper;

my (%states, %_CACHE);

sub handler ($$) {
  my ($class, $q) = @_;
  my $self = $class->new(my $r = Apache::Request->new($q));
  my $html = '';
  $self->get_session($r);
  my $coderef =
    $self->{make}->{$self->frame}->{$self->page}->{$self->command}
    || \&unimplemented;
  $html = $self->$coderef($r);

  $r->content_type('text/html');
  $self->put_or_del_session($r);
  $r->send_http_header;
  print $html;
  return OK;
}

sub get_session {
  my ($self, $r) = @_;

  my %session;

  my $cookie_str = $r->header_in('Cookie');
  my %cookies = $cookie_str eq '' ? ( ) :
    CGI::Cookie->parse($cookie_str);
  if (exists $cookies{SessionID}) {
    (my $session_id = $cookies{SessionID}->value) =~ s/([0-9a-f]+)/$1/;
    eval {
      tie %session, $self->{tieclass}, $session_id, $self->{tieattrs};
    };
    if ($@) {
      $r->log_error($@);
      $r->log_error("get_session: No session data found.");
      $self->{state}      = { };
      $self->{session_id} = '';
    } else {
      $r->log_error("get_session: Session data found.");
      $r->log_error("get_session: \$session{state} is \n", Dumper
        $session{state});
      $session{state} = { account => {} } unless exists $session{state};
      $self->{session_id} = $session{_session_id};
      $self->{state}      = $session{state};
    }
    undef %session;
  } else {
    $r->log_error("get_session: No Session ID cookie.");
    $self->{state}      = { };
    $self->{session_id} = '';
  }
  $r->log_error("get_session: Session ID is '$self->{session_id}'.");
  $r->log_error("get_session: State is \n", Dumper $self->{state});
}

sub put_or_del_session {
  my ($self, $r) = @_;

  my (%session, $cookie);

  if ($self->command eq 'make' or $self->page eq 'action') {
    eval {
      tie %session,
          $self->{tieclass},
          ($self->{session_id} eq '' ? undef : $self->{session_id}),
          $self->{tieattrs};
    };
    if ($@) {
      $r->log_error("put_or_del_session: $@");
      eval { tie %session, $self->{tieclass}, undef, $self->{tieattrs};
      };
      if ($@) {
        $r->log_error("put_or_del_session: $@");
        return; # WTH, we can't do any good here
      }
    }
    if ($self->command eq 'logout') {
      $r->log_error("put_or_del_session: deleting session.");
      $cookie = CGI::Cookie->new( -name    => 'SessionID',
                                  -path    => $self->{uri},
                                  -domain  => '.physemp.com',
                                  -expires => '-10m',
                                  -value   => '' );
      tied(%session)->delete;
    } else {
      $r->log_error("put_or_del_session: updating session.");
      $session{state} = $self->{state};
      $session{changes}++;
      $r->log_error("put_or_del_session: Session ID is
'$session{_session_id}'.");
      $r->log_error("put_or_del_session: State is \n", Dumper
        $session{state});
      $cookie = CGI::Cookie->new( -name    => 'SessionID',
 

Re: Apache::Session problems

2001-03-29 Thread Christopher L. Everett

Cees Hek wrote:
>
> On Mon, 26 Mar 2001, Christopher L. Everett,,, wrote:
>
> > Apache::Session::MySQL won't save session state.
> > Apache::Session::File returns the following error:
> >
> > Insecure dependency in open while running with -T switch at
> > /usr/local/lib/perl5/site_perl/5.6.0/Apache/Session/Lock/File.pm
> > line 40.
>
> Well, line 40 of Apache/Session/Lock/File.pm contains the following bit of
> code:
>
> open($fh, "+>".$LockDirectory."/Apache-Session-".$session->{data}->{_session_id}.".lock")
>   || die $!;
>
> So perl is telling you that one of the variables being used in the open
> command is Tainted (you are running perl in Taint mode with the -T
> switch turned on).  I'm guessing it is probably
> $session->{data}->{_session_id}, which is really just the $session_id
> variable that you pulled out of a Cookie in your code below (and
> cookies are automatically tainted since it comes from the user).  You will
> have to untaint the $session_id variable before you pass it to
> Apache::Session, and this error message should go away.  See the perl
> manpages on how to untaint variables...
 

Aargh! struck by the blindingly obvious again. I have got to stop 
posting in the early morning ...  I also figured out the next day 
why Apache::Session::MySQL didn't work right, when I investigated
the nature of tied variables a little more closely.  undef'ing the
variable at the end of get_session and re-tying %session at the
beginning of put_or_del_session, plus shuffling some code around 
in get_session pretty well solved that problem.  Seemed to me you
can't do something like:

  tie %session, 'Apache::Session::MySQL', undef, \%attrs;
  $self->{session} = %session;

and then later on do

  %session = $self->{session}

  --Christopher



Apache::Session problems

2001-03-26 Thread Christopher L. Everett,,,

Apache::Session::MySQL won't save session state.
Apache::Session::File returns the following error:

Insecure dependency in open while running with -T switch at
/usr/local/lib/perl5/site_perl/5.6.0/Apache/Session/Lock/File.pm
line 40.

here's the code in question:

sub put_or_del_session {
  my ($self, $r, %session) = @_;

  if ($self->command eq 'logout') {
    tied{%session}->delete;
    my $cookie = Apache::Cookie->new( $r,
                                      -name    => 'SessionID',
                                      -path    => $self->{uri},
                                      -domain  => $self->{config}->{TicketServerName},
                                      -expires => '-10m',
                                      -value   => '' );
    $cookie->bake;
  } elsif (($self->page eq 'frame' && $self->command eq 'make') or
           $self->page eq 'action') {
    $session{state} = $self->{state};
    $session{timestamp} = time;
  }
  $r->log_error("put_or_del_session: session_id is $self->{session_id}");
  $r->log_error("put_or_del_session: state is " . Dumper $session{state});
  undef %session;
}

sub get_session {
  my ($self, $r) = @_;

  my %session;

  my $cookie_str = $r->header_in('Cookie');
  my %cookies = $cookie_str eq '' ? ( ) :
    Apache::Cookie->parse($cookie_str);
  if (exists $cookies{SessionID}) {
    my $session_id = $cookies{SessionID}->value;
#    tie %session, 'Apache::Session::MySQL', $session_id,
#    {
#      DataSource     => $self->{config}->{Session_DB},
#      UserName       => $self->{config}->{Search_DB_User},
#      Password       => $self->{config}->{Search_DB_Password},
#      LockDataSource => $self->{config}->{Session_DB},
#      LockUserName   => $self->{config}->{Search_DB_User},
#      LockPassword   => $self->{config}->{Search_DB_Password},
#    };
    tie %session, 'Apache::Session::File', $session_id,
    {
      Directory     => '/tmp/apache/session',
      LockDirectory => '/tmp/apache/session/lock'
    };
  } else {
#    tie %session, 'Apache::Session::MySQL', undef,
#    {
#      DataSource     => $self->{config}->{Session_DB},
#      UserName       => $self->{config}->{Search_DB_User},
#      Password       => $self->{config}->{Search_DB_Password},
#      LockDataSource => $self->{config}->{Session_DB},
#      LockUserName   => $self->{config}->{Search_DB_User},
#      LockPassword   => $self->{config}->{Search_DB_Password},
#    };
    tie %session, 'Apache::Session::File', undef,
    {
      Directory     => '/tmp/apache/session',
      LockDirectory => '/tmp/apache/session/lock'
    };
    $session{state} = {
      account => {},
      command => '',
      step    => '',
      order   => {}
    };
    my $cookie = Apache::Cookie->new( $r,
                                      -name    => 'SessionID',
                                      -path    => $self->{uri},
                                      -domain  => 'www.physemp.com',
                                      -value   => $session{_session_id} );
    $cookie->bake;
  }
  $self->{state} = $session{state};
  $self->{session_id} = $session{_session_id};
  $r->log_error("get_session: session_id is $self->{session_id}");
  $r->log_error('get_session: $session{state} is ' . Dumper
    $session{state});
  $r->log_error('get_session: $self->{state} is ' . Dumper $self->{state});
  return %session;
}




Re: Apache::Session problems

2001-03-26 Thread Kee Hinckley

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 3:24 AM +1000 3/28/01, Cees Hek wrote:

> $session->{data}->{_session_id}, which is really just the $session_id
> variable that you pulled out of a Cookie in your code below (and
> cookies are automatically tainted since it comes from the user).  You will
> have to untaint the $session_id variable before you pass it to
> Apache::Session, and this error message should go away.  See the perl
> manpages on how to untaint variables...

It looks to me like there's code in Session.pm that validates the 
session id to make sure it's safe.  It seems to me that it would be 
appropriate for that code to untaint the data at that point.  There 
are a lot of routines that use that variable for generating file 
names, and running perl -T with a web server is not a bad idea.
- -- 

Kee Hinckley - Somewhere.Com, LLC - Cyberspace Architects
Now Playing - Folk, Rock, odd stuff - http://www.somewhere.com/playlist.cgi

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com

iQA/AwUBOsA2sSZsPfdw+r2CEQL4uwCfU85AJURfZ0TNFngN11DLQZcwcbQAoJJ+
7Z/zsw0lOURKvcClTTAf82gF
=veaU
-END PGP SIGNATURE-
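
Added example (not part of the thread, and not Apache::Session's own code): one way to do the untainting that Cees Hek's advice and Kee Hinckley's remark above both refer to, validating the cookie value and untainting it in the same step. It assumes session ids are 32 lowercase hex digits, like the id shown in the sessions table earlier on this page; `untaint_session_id` and the sample values are constructed for illustration.

```perl
# Run as: perl -T untaint_sid.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: a session id is exactly 32 lowercase hex digits.
sub untaint_session_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Anchored match: the whole value must fit the pattern. Only the
    # captured $1 is untainted; $raw itself stays tainted.
    return $raw =~ /\A([0-9a-f]{32})\z/ ? $1 : undef;
}

# A zero-length tainted string. Appending it taints the constructed samples
# the way a real Cookie header is tainted (it has no effect without -T).
my $TAINT = substr(join('', $0, $^X, values %ENV), 0, 0);

# Constructed cookie values, not taken from the thread.
my @cookie_values = (
    '4def39f4e8144aede90532951232c040',        # well-formed
    '4def39f4e8144aede90532951232c040/../x',   # extra path characters
    '4def39f4',                                # too short
    '',                                        # empty cookie
);

for my $clean (@cookie_values) {
    my $value = $clean . $TAINT;
    my $sid   = untaint_session_id($value);
    printf "%-40s in_tainted=%d -> %s\n",
        "'$value'", (tainted($value) ? 1 : 0),
        defined $sid
            ? "accepted, out_tainted=" . (tainted($sid) ? 1 : 0)
            : "rejected, start a new session instead";
    # An accepted $sid is what would be passed as the third argument of
    #   tie %session, 'Apache::Session::File', $sid, { ... };
}
```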