mp1.99.10-dev
apache 2.0.46
Session-0.01 (by Olivier Poitrey)
I've got a subroutine as follows :
sub login {
# checks supplied username passwd against users table in db
# if ok, creates a session returns session_id username
# otherwise, returns 0
my ($supplied_username, $supplied_passwd) = @_;
use DBI;
use Session;
my $user_id = 0;
my $dbh = DBI-connect(DBI:mysql:.$db_name.:.$db_server,
$db_user, $db_pass,
{ RaiseError = 1}) or return -1;
my $sth = $dbh-prepare(qq{SELECT * FROM passwd WHERE username = ? AND
passwd = PASSWORD(?) });
$sth-execute($supplied_username, $supplied_passwd);
my @ary = $sth-fetchrow_array;
if (defined($ary[0])) {
$user_id = $ary[0];
}
my $rc = $sth-finish;
if ($user_id == 0) {# no match, return 0
return 0;
}
my %session_config = (
Store = MySQL,
Lock= MySQL,
Generate= MD5,
Serialize = $serialize,
DataSource = DBI:mysql:host=$db_server;database=$db_name,
UserName= $db_user,
Password= $db_pass,
LockDataSource = dbi:mysql:.$db_name,
LockUserName= $db_user,
LockPassword= $db_pass
);
my $session = new Session(undef, %session_config);
$session-set('user_id' = $user_id);
my $session_id = $session-session_id();
my @keys = $session-keys();
$session-release();
logit($log, keys stored : @keys);
return $session_id;
}
It checks login info ok, and all seems mostly well, *except* it
never seems to store the 'user_id' value.
the logfile that logit() writes to sees this on every invocation :
steel1: {14} tail -f log
keys stored : user_id
keys stored : user_id
keys stored : user_id
so $session-set() seems to be working at that point, but in the
database record I get this :
mysql select * from sessions\G
*** 1. row ***
id: a1c170b34f080053211471b4365006d8
a_session:
BQUDAQogYTFjMTcwYjM0ZjA4MDA1MzIxMTQ3MWI0MzY1MDA2ZDgLX3Nlc3Npb25faWQ=
(I'm serializing with Base64)
the base64 decoding of the a_session data shows :
mmencode -u
BQUDAQogYTFjMTcwYjM0ZjA4MDA1MzIxMTQ3MWI0MzY1MDA2ZDgLX3Nlc3Npb25faWQ=
a1c170b34f080053211471b4365006d8_session_id
Which is the session_id, but no sign of the user_id record?
My understanding of the way that Apache::Session (and Session)
work is that when you add a variable, it stores it in the a_session
field, and when you untie (or in this case use $session-release(),
which is equivalent?) that the new value should get written to the
session record in the database and thus be available for future
reference?
Later calls from other scripts can't see user_id when I
call them as $session-get('user_id'), which is, I think,
consistant with them not showing up in the database?
Can anyone see what I'm doing wrong? I'm using Session for syntatic
sugar reasons moreso than anything functional except the wrapping
of ugly exec()'s (ughhh), is the problem I'm seeing my
code/understanding or should I file a bug report with Olivier?
thanks
Carl
