
[cgiapp] Strange Problem with CAP::Authentication and CAP::Session?


I'm writing an application using the CAP::Plugins:
DBH, Session, Authentication, AutoRunmode, TT

and the whole day I'm really stuck with Module bugs (is that luck or not?) and now something seems quite strange, so please help if you may...

About the bugs seen:
Some hours ago I've started by using in CGI_SESSION_OPTIONS while initializing CAP::Session (in this order):
- "driver:mysql;serializer:Storable"
but I've got this bug http://rt.cpan.org/Public/Bug/Display.html?id=17541 ("DESTROY created new reference to dead object 'CGI::Session' during global destruction.") and I've found out that while trying to flush() data to storage there was no DBI Handle set (that was happening right before the fatal error which is the bug above).
Pity, because I wanted to use the DB for the sessions.
- "driver:file;serializer:Storable"
Ok.. This gave me this bug http://rt.cpan.org/Public/Bug/Display.html?id=7575 ("Child died: Storable binary image v>20 more recent than I am") and I got over that by using the FreezeThaw serializer, which is working.
- Now, I've switched to "driver:file;" for testing (to view file contents) and here comes the strangeness...

I'm able to properly use sessions in my app. I've set sessions, read sessions, examined the cookie in browser and the files created in fs by the CGI::Session module. Contents in fs files are properly updated and cookie with session_id is properly sent.

The problem is when CAP::Authentication comes in! Everything is working right when using the 'Cookie' STORE, but when switching to the 'Session' STORE Authentication is NOT working (I repeat CAP::Session by itself is tested and working).

I've put some debug messages into .../CGI/Application/Plugin/Authentication/Store/Session.pm in save() method to see what's happening. Things seemed ok.
sub save {
....
   my $session = $self->_session;
   while (my ($param, $value) = each %items) {
           my $key = _names_to_keys($param);
           $session->param( $key => $value );
   }
...
}

Using Data::Dumper, I've got BEFORE the $session->param() calls of the above method (CAP::Authentication::Store::Session::save):
'_CLAIMED_ID' => 'b504e8434f....................................',
'_DATA' => {
             '_SESSION_ETIME' => 1200,
             '_SESSION_ID' => 'b504e8434f....................................',
             '_SESSION_ATIME' => 1143230211,
             '_SESSION_REMOTE_ADDR' => '192.168.3.2',
             '_SESSION_EXPIRE_LIST' => {},
             '_SESSION_CTIME' => 1143230174

and AFTER the calls:
'_DATA' => {
             'AUTH_LAST_ACCESS' => 1143230211,
             '_SESSION_ETIME' => 1200,
             '_SESSION_ID' => 'b504e8434f.................................',
             'AUTH_LAST_LOGIN' => 1143230211,
             '_SESSION_REMOTE_ADDR' => '192.168.3.2',
             '_SESSION_CTIME' => 1143230174,
             '_SESSION_ATIME' => 1143230211,
             'AUTH_USERNAME' => 'test',
             'AUTH_LOGIN_ATTEMPTS' => 0,
             '_SESSION_EXPIRE_LIST' => {}
           },


but these updated data NEVER reach the file on the filesystem that keeps the session, so the user is not logged in.

It is starting to get disappointing...

Some source code:

use base 'CGI::Application';
use CGI::Application::Plugin::DBH (qw/dbh/); #init in instance script
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::AutoRunmode;
use CGI::Application::Plugin::TT;

sub cgiapp_init {
   my $self = shift;

   #init auth subsystem
   $self->authen->config(
      DRIVER => [ 'DBI',
         TABLE       => 'usersinfo',
         CONSTRAINTS => {
            'usersinfo.uname'  => '__CREDENTIAL_1__',
            'MD5_base64:salted_pass:usersinfo.passwd' => '__CREDENTIAL_2__'
         },
         FILTERS => { salted_pass => sub { $self->salted_pass(shift,shift) } },
      ],
      LOGIN_RUNMODE  => 'login',
      STORE          => 'Session',
      POST_LOGIN_URL => $CONFIG->GetBaseURL() . '/app.pl?rm=user_console',
      LOGOUT_RUNMODE => 'logout',
      CREDENTIALS    => [ 'auth_usr_uname', 'auth_usr_passwd' ], #form fields for auth
      LOGIN_SESSION_TIMEOUT => {
         IDLE_FOR => '30m',
         EVERY    => '1d',
      }
   );

   #init our session
   $CGI::Session::NAME = $CONFIG->GetAppName();
   $self->session_config(
      CGI_SESSION_OPTIONS => [ "driver:File;", $self->query, { Directory => $CONFIG->GetSessionDir() } ],
      DEFAULT_EXPIRY      => '+20m',
      COOKIE_PARAMS       => { -path    => '/', },
      SEND_COOKIE         => 1,
   ) or die($@);
}


So to summarize, CAP::Session is working (with a File driver and not Storable serializer) and CAP::Authentication is working with "Cookie" STORE. I wanted "Session" STORE in mysql driver Sessions, but I can't even get "Session" STORE to work right even with the File driver. :(

Thank you...

Regards,
Giannis

