mod_perl2: handle session without CGI::Session

mod_perl2: handle session without CGI::Session

am 26.05.2008 09:55:33 von mome

Hi,

I am trying to get a posted data with Apache2::Request, still no luck but
found something interesting.


What I found is once my handler specified byPerlAuthenHandler calling
CGI::Session(), the posted data retrieved in final destination is lost.

Here is part of my handler
sub authen_handler_new{
my $self = shift;
my $r = shift;
$r->warn("Begin new handler");
my $req = Apache2::Request->new($r);
my $tmpCode = $req->param("code");
my $session = new CGI::Session() or die CGI::Session->errstr; # this line
cause posted data is lost in final destination
......

FYI:
Here is my environment setup
OS: Linux Fedora core 6
Apache Server 2.2.6
mod_perl2.0.2
perl 5.5.8
CGI.pm version 3.15

I am not sure if it is because the bug or something else


I need the session handling and want to know the alternative way to
handle session without CGI::Session.

Please suggest.

Thanks

PA




--
View this message in context: http://www.nabble.com/mod_perl2%3A-handle-session-without-CG I%3A%3ASession-tp17467447p17467447.html
Sent from the mod_perl - General mailing list archive at Nabble.com.

Re: mod_perl2: handle session without CGI::Session

am 26.05.2008 19:47:37 von Perrin Harkins

On Mon, May 26, 2008 at 3:55 AM, mome wrote:
> What I found is once my handler specified byPerlAuthenHandler calling
> CGI::Session(), the posted data retrieved in final destination is lost.

CGI::Session will try to make a new CGI object, which will read the
POST data. You can't read POST data twice. Either get the session ID
yourself and pass it to CGI::Session->new() or pass it your
Apache2::Request object. The details are in the CGI::Session docs.

- Perrin

Re: mod_perl2: handle session without CGI::Session

am 27.05.2008 04:48:47 von mome

Thanks for the tips.

When passing Apache2::Request object to CGI::Session->new() as the following

sub authen_handler{
my $self = shift;
my $req = Apache2::Request->new($r);
my $session=CGI::Session->new(undef,$req,{Directory=>
$TMP_SESSION_FOLDER});
my $sesName = $session->name; # this line cause error
my $sesID = $session->id;
....
....}
It seems the posted data is not lost, but I get the errors "... Can't call
method "name/id" on an undefined value".

Is the call of "CGI::Session->new(undef,$req,{Directory=>
$TMP_SESSION_FOLDER})" not create the session object? then how can I manage
the session with these method e.g. $session->name, $session->id,
$session->expire()


Please advise!

Many thanks

PA



Perrin Harkins wrote:
>
> On Mon, May 26, 2008 at 3:55 AM, mome wrote:
>> What I found is once my handler specified byPerlAuthenHandler calling
>> CGI::Session(), the posted data retrieved in final destination is lost.
>
> CGI::Session will try to make a new CGI object, which will read the
> POST data. You can't read POST data twice. Either get the session ID
> yourself and pass it to CGI::Session->new() or pass it your
> Apache2::Request object. The details are in the CGI::Session docs.
>
> - Perrin
>
>

--
View this message in context: http://www.nabble.com/mod_perl2%3A-handle-session-without-CG I%3A%3ASession-tp17467447p17482116.html
Sent from the mod_perl - General mailing list archive at Nabble.com.

Re: mod_perl2: handle session without CGI::Session

am 27.05.2008 10:08:07 von mome

Hi Perrin,

What do you means by " Either get the session ID
yourself and pass it to CGI::Session->new()"?
Does it mean I can simply create the session ID from any way eventhough
hardcode e.g. 23asfsdfw22456 and pass it?

At the moment, I also try Apache::Session and want to see if it can replace
CGI::Session

my handler code is something like this
sub handler{
....
tie %session, 'Apache::Session::File',undef , $opts;
}

However, everytime I hit the code e.g. refresh the browser, the session seem
to be created with the new session id.
I am still struggling how I can retrieve the previous session (with the
same session id)

My ultimate goal is to retrieve the posted data at the final destination. I
am just thinking maybe thing can be done easier if using Apache::Session

Please advise.

PA
Thanks for the tips.

When passing Apache2::Request object to CGI::Session->new() as the following

sub authen_handler{
my $self = shift;
my $req = Apache2::Request->new($r);
my $session=CGI::Session->new(undef,$req,{Directory=>
$TMP_SESSION_FOLDER});
my $sesName = $session->name; # this line cause error
my $sesID = $session->id;
....
....}
It seems the posted data is not lost, but I get the errors "... Can't call
method "name/id" on an undefined value".

Is the call of "CGI::Session->new(undef,$req,{Directory=>
$TMP_SESSION_FOLDER})" not create the session object? then how can I manage
the session with these method e.g. $session->name, $session->id,
$session->expire()


Please advise!

Many thanks

PA



Perrin Harkins wrote:
>
> On Mon, May 26, 2008 at 3:55 AM, mome wrote:
>> What I found is once my handler specified byPerlAuthenHandler calling
>> CGI::Session(), the posted data retrieved in final destination is lost.
>
> CGI::Session will try to make a new CGI object, which will read the
> POST data. You can't read POST data twice. Either get the session ID
> yourself and pass it to CGI::Session->new() or pass it your
> Apache2::Request object. The details are in the CGI::Session docs.
>
> - Perrin
>
>



--
View this message in context: http://www.nabble.com/mod_perl2%3A-handle-session-without-CG I%3A%3ASession-tp17467447p17485165.html
Sent from the mod_perl - General mailing list archive at Nabble.com.

Re: mod_perl2: handle session without CGI::Session

am 27.05.2008 23:54:17 von Perrin Harkins

On Tue, May 27, 2008 at 4:08 AM, mome wrote:
> What do you means by " Either get the session ID
> yourself and pass it to CGI::Session->new()"?
> Does it mean I can simply create the session ID from any way eventhough
> hardcode e.g. 23asfsdfw22456 and pass it?

Your session ID is in a cookie, right? So read the cookie and get the
session ID. There's nothing magical happening here.

> At the moment, I also try Apache::Session and want to see if it can replace
> CGI::Session

There's nothing wrong with CGI::Session. Your POST data got lost
because you were making CGI::Session read it. If you pass in a
session ID or a query object, it will not need to read the POST data.

- Perrin

Re: mod_perl2: handle session without CGI::Session

am 28.05.2008 00:09:18 von Perrin Harkins

On Mon, May 26, 2008 at 10:48 PM, mome wrote:
> When passing Apache2::Request object to CGI::Session->new() as the following
>
> sub authen_handler{
> my $self = shift;
> my $req = Apache2::Request->new($r);
> my $session=CGI::Session->new(undef,$req,{Directory=>
> $TMP_SESSION_FOLDER});
> my $sesName = $session->name; # this line cause error
> my $sesID = $session->id;
> ...
> ...}

I'm not sure if CGI::Session works with Apache2::Request. I'd suggest
you either get the session ID yourself. You can create your own CGI
object instead ( CGI->new($r) ) and pass that in, but it just wastes
resources. You're better off handling the cookie yourself.

- Perrin