Loading ...
Sorry, an error occurred while loading the content.
 

Off Topic - Apache::Session::MySQL and invalid Session IDs

Expand Messages
  • Jonathan
    I m hoping someone here has a suggestion- I wrote my mod_perl app with Session::File (local development) and am migrating it to Session::MySQL so it could
    Message 1 of 5 , Oct 17, 2005
      I'm hoping someone here has a suggestion-

      I wrote my mod_perl app with Session::File (local development) and am
      migrating it to Session::MySQL so it could cluster

      I ran into this issue:

      If I try to tie with a session id that doesn't exist in the db,
      the app catches an Apache::Session die

      Ideally:

      If I try to tie with a session id that doesn't exist in the db,
      the app rewrites the session id to null (which generates a new
      session id)

      to handle this under Session::File, I had a function validate the
      session id given from cookie/url/getpost
      a_ is it 32 char (since ids are md5_hex generated) ?
      b_ does the file exist in the session file dir ?

      then the app tied to an existing session , or , a new one

      I can't figure out how to do this with Session::MySQL cleanly - the
      only idea that I've come up with is pre-caching the db handle and
      doing a SQL select to see if the record exists -- but then I end up
      making 2 sql queries for the session data when 1 is really all that
      should be necessary.

      clearly i'm missing something obvious - can someone set me straight?
    • Jonathan
      I m hoping someone here has a suggestion- I wrote my mod_perl app with Session::File (local development) and am migrating it to Session::MySQL so it could
      Message 2 of 5 , Oct 17, 2005
        I'm hoping someone here has a suggestion-

        I wrote my mod_perl app with Session::File (local development) and am
        migrating it to Session::MySQL so it could cluster

        I ran into this issue:

        If I try to tie with a session id that doesn't exist in the db,
        the app catches an Apache::Session die

        Ideally:

        If I try to tie with a session id that doesn't exist in the db,
        the app rewrites the session id to null (which generates a new
        session id)

        to handle this under Session::File, I had a function validate the
        session id given from cookie/url/getpost
        a_ is it 32 char (since ids are md5_hex generated) ?
        b_ does the file exist in the session file dir ?

        then the app tied to an existing session , or , a new one

        I can't figure out how to do this with Session::MySQL cleanly - the
        only idea that I've come up with is pre-caching the db handle and
        doing a SQL select to see if the record exists -- but then I end up
        making 2 sql queries for the session data when 1 is really all that
        should be necessary.

        clearly i'm missing something obvious - can someone set me straight?

        (apologies if this is posted 2x, i accidentally submitted from an
        unsubscribed address)
      • Perrin Harkins
        ... The standard approach here is to eval{} that and if it throws an exception you check to see if it s the one from using an unknown ID or something else, and
        Message 3 of 5 , Oct 17, 2005
          On Mon, 2005-10-17 at 14:18 -0400, Jonathan wrote:
          > I ran into this issue:
          >
          > If I try to tie with a session id that doesn't exist in the db,
          > the app catches an Apache::Session die

          The standard approach here is to eval{} that and if it throws an
          exception you check to see if it's the one from using an unknown ID or
          something else, and if it is you try to tie again with an empty ID.

          > Ideally:
          >
          > If I try to tie with a session id that doesn't exist in the db,
          > the app rewrites the session id to null (which generates a new
          > session id)

          That's basically what I'm describing above. Just use the exception as a
          signal that the session ID is not in there.

          > I can't figure out how to do this with Session::MySQL cleanly - the
          > only idea that I've come up with is pre-caching the db handle and
          > doing a SQL select to see if the record exists -- but then I end up
          > making 2 sql queries for the session data when 1 is really all that
          > should be necessary.

          This is not as good as catching the exception, since you do two queries
          all the time instead of only when you need to.

          - Perrin
        • John ORourke
          Hi Jonathan, I don t know the Session:: stuff but it sounds like something I did with DBI - I use persistent handlers so I needed my own custom version of
          Message 4 of 5 , Oct 18, 2005
            Hi Jonathan,

            I don't know the Session:: stuff but it sounds like something I did with
            DBI - I use persistent handlers so I needed my own custom version of
            Apache2::DBI.

            Why not subclass Session::MySQL and have the new() (or equivalent)
            method do your validation on the handle before calling $self->SUPER::new() ?

            John

            Jonathan wrote:

            > I'm hoping someone here has a suggestion-
            >
            > I wrote my mod_perl app with Session::File (local development) and am
            > migrating it to Session::MySQL so it could cluster
            >
            > I ran into this issue:
            >
            > If I try to tie with a session id that doesn't exist in the db, the
            > app catches an Apache::Session die
          • Risanecek
            ... Don t know whether this is related, but I had also problems with session Ids, in the way that they were garbled, after the 4-5th request there was all of
            Message 5 of 5 , Oct 19, 2005
              On 10/17/05, Jonathan <jvanasco@...> wrote:
              > I'm hoping someone here has a suggestion-
              >
              > I wrote my mod_perl app with Session::File (local development) and am
              > migrating it to Session::MySQL so it could cluster
              >
              > I ran into this issue:
              >
              > If I try to tie with a session id that doesn't exist in the db,
              > the app catches an Apache::Session die

              Don't know whether this is related, but I had also problems
              with session Ids, in the way that they were garbled, after the
              4-5th request there was all of sudden a ' apostrophe in the
              session-id. This happened only on my configuration
              (was libapreq 2.04-dev, Mason 1.28, and the unfortunate
              1.99-pre renaming modperl. Also we used the
              MasonX::Request:WithApache2Session from Beau

              After an upgrade to the contemporary infrastructure these
              probs went away.

              Richard
            Your message has been successfully submitted and would be delivered to recipients shortly.