Mailing List Archive

Has anybody used this successfully?

________________________________
From: Duncan Garland [Duncan.Garland@motortrak.com]
Sent: 17 October 2013 10:05
To: The elegant MVC web framework
Subject: [Catalyst] change_session_id

Hi,

Is there a trick to using change_session_id to change the session id on a successful logon?

It seems to correctly change everything. You can successfully print the old session id and the new session id, and view the contents of the new session. However, DBIC trips up when writing the final session data. It tries to use the old session id.

DELETE FROM mbfl2_sessions WHERE ( id = ? ): 'session:bc58aff5ce5e8ba3a90402c0b57a9d5bcba8b532'
DELETE FROM mbfl2_sessions WHERE ( id = ? ): 'flash:bc58aff5ce5e8ba3a90402c0b57a9d5bcba8b532'
UPDATE mbfl2_sessions SET expires = ?, session_data = ? WHERE ( id = ? ): '1382007089', 'BQgDAAAACwoHZGVmYXVsdAAAAAxfX3VzZXJfcmVhbG0IfwAAAAhub19jb3VudAoRMjY4NTk5XzEz
ODE5OTk4NzEAAAANdGVtcF9xdW90ZV9pZAQDAAAAAAAAAApqYXZhc2NyaXB0BAMAAAAKBAMAAAAB
CgdaNDI5MzkzAAAAFXJlZ2lzdGVydXNlci9yZWdpc3RlcgAAAB9tYmZsMjo6Q29udHJvbGxlcjo6
UmVnaXN0ZXJVc2VyBAMAAAABCgdaOTM2NjM1AAAAFWRpYWdub3N0aWNzL3Nob3dfZm9ybQAAAB5t
YmZsMjo6Q29udHJvbGxlcjo6RGlhZ25vc3RpY3MEAwAAAAEKB1oxMTM1ODgAAAAMbG9naW4vaW5k
ZXh4AAAAGG1iZmwyOjpDb250cm9sbGVyOjpMb2dpbgQDAAAAAwoHWjM3MTg1OQAAABFkZWFsZXIv
Y29udGFjdF91cwoHWjA3NjA1OAAAABlkZWFsZXIvb2ZmaWNpYWxfd29ya3Nob3BzCgdaODU5ODEw
AAAAFmRlYWxlci9zZXJ2aWNlX29wdGlvbnMAAAAZbWJmbDI6OkNvbnRyb2xsZXI6OkRlYWxlcgQD
AAAAAgoHWjE3NDE4NQAAAAZpbmRleHgKB1oyMDQ1MjAAAAAEaG9tZQAAABdtYmZsMjo6Q29udHJv
bGxlcjo6Um9vdAQDAAAAAQoHWjM2MjcyMQAAABRubHB2ZWhpY2xlL2NhbGN1bGF0ZQAAAB1tYmZs
Mjo6Q29udHJvbGxlcjo6TmxwVmVoaWNsZQQDAAAAAQoHWjc0MzU4MgAAABNyZWZyZXNoZGF0YS9y
ZWZyZXNoAAAAHm1iZmwyOjpDb250cm9sbGVyOjpSZWZyZXNoRGF0YQQDAAAAAgoHWjY4MDgwNwAA
ABpqYXZhc2NyaXB0L2dlbmVyYWxfd2l0aF9pZAoHWjE5MTQ2OQAAABFqYXZhc2NyaXB0L3NpZ25p
bgAAAB1tYmZsMjo6Q29udHJvbGxlcjo6SmF2YXNjcmlwdAQDAAAAAQoHWjg4Mjc4MQAAABlsYW5k
aW5ncGFnZS9sYW5kaW5nX3BhZ2UyAAAAHm1iZmwyOjpDb250cm9sbGVyOjpMYW5kaW5nUGFnZQQD
AAAABAoHWjA1MjQ1NQAAAAxubHAvcmVtaW5kZXIKB1oyMTc4NjYAAAAKbmxwL3NpZ25pbgoHWjgz
MTY4NgAAAA1ubHAvZ2V0X3ZhbHVlCgdaNjAwMDYxAAAADW5scC9zZXRfdmFsdWUAAAAWbWJmbDI6
OkNvbnRyb2xsZXI6Ok5scAAAAAtjc3JmX3Rva2VucwUAAAATcGFzc3dvcmRfaXNfaW52YWxpZAoK
MTM4MTk5OTg4OQAAAAlfX3VwZGF0ZWQEAwAAAAMKCDExNjE4MDc4AAAAC3RyYWNraW5nX2lkBAIA
AAABBAMAAAACChEyNjg1OTlfMTM4MTk5OTg3MQAAAAV2YWx1ZQoNdGVtcF9xdW90ZV9pZAAAAAtn
bG9iYWxfbmFtZQAAAAdnbG9iYWxzChEyNjg1OTlfMTM4MTk5OTg3MQAAAA10ZW1wX3F1b3RlX2lk
AAAACnRlbXBfcXVvdGUKCjEzODE5OTk4NzEAAAAJX19jcmVhdGVkBQAAACFpbmRpdmlkdWFsX2Rl
YWxlcl9ncm91cF9wYXJhbWV0ZXIEAwAAABkKAUEAAAAGc3RhdHVzCgVBZG1pbgAAAAhmb3JlbmFt
ZQoTMjAxMC0xMi0wMiAxMToyMDo1MgAAAAxkYXRlX2NyZWF0ZWQFAAAABGhlYXIFAAAACWRhc2hf
b25seQodZHVuY2FuLmdhcmxhbmRAbW90b3J0cmFrMi5jb20AAAAFZW1haWwFAAAAC25vdGJ5X3Bo
b25lCitlckVGR1J4QVRhSE1XQWpwZEg5bTVjczYxdEZGTGZoNkpVZXJ5NjRpMnZvAAAACHBhc3N3
b3JkCgMxMjEAAAACaWQFAAAAD2FkcF9jdXN0b21lcl9pZAoBTgAAAAdpc19wb29sBQAAAApub3Ri
eV9wb3N0CgMxMjEAAAAKY2hhbmdlZF9ieQoTMjAxMy0xMC0xNCAxMzoxMTo1MwAAAAxkYXRlX3Vw
ZGF0ZWQFAAAAC25vdGJ5X2VtYWlsCgFZAAAAD2p1c3RfY2hhbmdlZF95bgoFYWRtaW4AAAAIdXNl
cm5hbWUKBUFkbWluAAAAB3N1cm5hbWUKAU4AAAAKZGVsZXRlZF95bgUAAAASYWRwX3N0YXR1c19t
ZXNzYWdlCgExAAAAEWhhc19oYXNoX3Bhc3N3b3JkBQAAAAlub3RieV9zbXMKAVkAAAAWYWRwX2N1
c3RvbWVyX3RlbXBfZmxhZwoCTXIAAAAFdGl0bGUKAVMAAAAEdHlwZQAAAAZfX3VzZXI=
', 'session:bc58aff5ce5e8ba3a90402c0b57a9d5bcba8b532'
[17/Oct/2013:09:51:29] ERROR Catalyst::__ANON__ 1968 - Caught exception in engine "Can't update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948): row not found at /usr/share/perl5/DBIx/Class/Schema.pm line 1088
DBIx::Class::Schema::throw_exception('MBFL2SCHEMA=HASH(0x9ba66c0)', 'Can\'t update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948):...') called at /usr/share/perl5/DBIx/Class/ResultSource.pm line 1982
DBIx::Class::ResultSource::throw_exception('DBIx::Class::ResultSource::Table=HASH(0x9cade90)', 'Can\'t update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948):...') called at /usr/share/perl5/DBIx/Class/Row.pm line 1460
DBIx::Class::Row::throw_exception('mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948)', 'Can\'t update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948):...') called at /usr/share/perl5/DBIx/Class/Row.pm line 506
Is there something I need to set immediately after calling change_session_id?

Thanks

If its a bug it would benefit from a minimal test case. If its not explained well in the docs it would benefit from an improvement there. Sorry, haven't used the feature myself.

Sent from my phone, so please excuse spelling mistakes, brevity etc.

On 18/10/2013, at 19:05, Duncan Garland <Duncan.Garland@motortrak.com> wrote:

> Has anybody used this successfully?
>
> From: Duncan Garland [Duncan.Garland@motortrak.com]
> Sent: 17 October 2013 10:05
> To: The elegant MVC web framework
> Subject: [Catalyst] change_session_id
>
> Hi,
>
> Is there a trick to using change_session_id to change the session id on a successful logon?
>
> It seems to correctly change everything. You can successfully print the old session id and the new session id, and view the contents of the new session. However, DBIC trips up when writing the final session data. It tries to use the old session id.
>
> DELETE FROM mbfl2_sessions WHERE ( id = ? ): 'session:bc58aff5ce5e8ba3a90402c0b57a9d5bcba8b532'
> DELETE FROM mbfl2_sessions WHERE ( id = ? ): 'flash:bc58aff5ce5e8ba3a90402c0b57a9d5bcba8b532'
> UPDATE mbfl2_sessions SET expires = ?, session_data = ? WHERE ( id = ? ): '1382007089', 'BQgDAAAACwoHZGVmYXVsdAAAAAxfX3VzZXJfcmVhbG0IfwAAAAhub19jb3VudAoRMjY4NTk5XzEz
> ODE5OTk4NzEAAAANdGVtcF9xdW90ZV9pZAQDAAAAAAAAAApqYXZhc2NyaXB0BAMAAAAKBAMAAAAB
> CgdaNDI5MzkzAAAAFXJlZ2lzdGVydXNlci9yZWdpc3RlcgAAAB9tYmZsMjo6Q29udHJvbGxlcjo6
> UmVnaXN0ZXJVc2VyBAMAAAABCgdaOTM2NjM1AAAAFWRpYWdub3N0aWNzL3Nob3dfZm9ybQAAAB5t
> YmZsMjo6Q29udHJvbGxlcjo6RGlhZ25vc3RpY3MEAwAAAAEKB1oxMTM1ODgAAAAMbG9naW4vaW5k
> ZXh4AAAAGG1iZmwyOjpDb250cm9sbGVyOjpMb2dpbgQDAAAAAwoHWjM3MTg1OQAAABFkZWFsZXIv
> Y29udGFjdF91cwoHWjA3NjA1OAAAABlkZWFsZXIvb2ZmaWNpYWxfd29ya3Nob3BzCgdaODU5ODEw
> AAAAFmRlYWxlci9zZXJ2aWNlX29wdGlvbnMAAAAZbWJmbDI6OkNvbnRyb2xsZXI6OkRlYWxlcgQD
> AAAAAgoHWjE3NDE4NQAAAAZpbmRleHgKB1oyMDQ1MjAAAAAEaG9tZQAAABdtYmZsMjo6Q29udHJv
> bGxlcjo6Um9vdAQDAAAAAQoHWjM2MjcyMQAAABRubHB2ZWhpY2xlL2NhbGN1bGF0ZQAAAB1tYmZs
> Mjo6Q29udHJvbGxlcjo6TmxwVmVoaWNsZQQDAAAAAQoHWjc0MzU4MgAAABNyZWZyZXNoZGF0YS9y
> ZWZyZXNoAAAAHm1iZmwyOjpDb250cm9sbGVyOjpSZWZyZXNoRGF0YQQDAAAAAgoHWjY4MDgwNwAA
> ABpqYXZhc2NyaXB0L2dlbmVyYWxfd2l0aF9pZAoHWjE5MTQ2OQAAABFqYXZhc2NyaXB0L3NpZ25p
> bgAAAB1tYmZsMjo6Q29udHJvbGxlcjo6SmF2YXNjcmlwdAQDAAAAAQoHWjg4Mjc4MQAAABlsYW5k
> aW5ncGFnZS9sYW5kaW5nX3BhZ2UyAAAAHm1iZmwyOjpDb250cm9sbGVyOjpMYW5kaW5nUGFnZQQD
> AAAABAoHWjA1MjQ1NQAAAAxubHAvcmVtaW5kZXIKB1oyMTc4NjYAAAAKbmxwL3NpZ25pbgoHWjgz
> MTY4NgAAAA1ubHAvZ2V0X3ZhbHVlCgdaNjAwMDYxAAAADW5scC9zZXRfdmFsdWUAAAAWbWJmbDI6
> OkNvbnRyb2xsZXI6Ok5scAAAAAtjc3JmX3Rva2VucwUAAAATcGFzc3dvcmRfaXNfaW52YWxpZAoK
> MTM4MTk5OTg4OQAAAAlfX3VwZGF0ZWQEAwAAAAMKCDExNjE4MDc4AAAAC3RyYWNraW5nX2lkBAIA
> AAABBAMAAAACChEyNjg1OTlfMTM4MTk5OTg3MQAAAAV2YWx1ZQoNdGVtcF9xdW90ZV9pZAAAAAtn
> bG9iYWxfbmFtZQAAAAdnbG9iYWxzChEyNjg1OTlfMTM4MTk5OTg3MQAAAA10ZW1wX3F1b3RlX2lk
> AAAACnRlbXBfcXVvdGUKCjEzODE5OTk4NzEAAAAJX19jcmVhdGVkBQAAACFpbmRpdmlkdWFsX2Rl
> YWxlcl9ncm91cF9wYXJhbWV0ZXIEAwAAABkKAUEAAAAGc3RhdHVzCgVBZG1pbgAAAAhmb3JlbmFt
> ZQoTMjAxMC0xMi0wMiAxMToyMDo1MgAAAAxkYXRlX2NyZWF0ZWQFAAAABGhlYXIFAAAACWRhc2hf
> b25seQodZHVuY2FuLmdhcmxhbmRAbW90b3J0cmFrMi5jb20AAAAFZW1haWwFAAAAC25vdGJ5X3Bo
> b25lCitlckVGR1J4QVRhSE1XQWpwZEg5bTVjczYxdEZGTGZoNkpVZXJ5NjRpMnZvAAAACHBhc3N3
> b3JkCgMxMjEAAAACaWQFAAAAD2FkcF9jdXN0b21lcl9pZAoBTgAAAAdpc19wb29sBQAAAApub3Ri
> eV9wb3N0CgMxMjEAAAAKY2hhbmdlZF9ieQoTMjAxMy0xMC0xNCAxMzoxMTo1MwAAAAxkYXRlX3Vw
> ZGF0ZWQFAAAAC25vdGJ5X2VtYWlsCgFZAAAAD2p1c3RfY2hhbmdlZF95bgoFYWRtaW4AAAAIdXNl
> cm5hbWUKBUFkbWluAAAAB3N1cm5hbWUKAU4AAAAKZGVsZXRlZF95bgUAAAASYWRwX3N0YXR1c19t
> ZXNzYWdlCgExAAAAEWhhc19oYXNoX3Bhc3N3b3JkBQAAAAlub3RieV9zbXMKAVkAAAAWYWRwX2N1
> c3RvbWVyX3RlbXBfZmxhZwoCTXIAAAAFdGl0bGUKAVMAAAAEdHlwZQAAAAZfX3VzZXI=
> ', 'session:bc58aff5ce5e8ba3a90402c0b57a9d5bcba8b532'
> [17/Oct/2013:09:51:29] ERROR Catalyst::__ANON__ 1968 - Caught exception in engine "Can't update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948): row not found at /usr/share/perl5/DBIx/Class/Schema.pm line 1088
> DBIx::Class::Schema::throw_exception('MBFL2SCHEMA=HASH(0x9ba66c0)', 'Can\'t update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948):...') called at /usr/share/perl5/DBIx/Class/ResultSource.pm line 1982
> DBIx::Class::ResultSource::throw_exception('DBIx::Class::ResultSource::Table=HASH(0x9cade90)', 'Can\'t update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948):...') called at /usr/share/perl5/DBIx/Class/Row.pm line 1460
> DBIx::Class::Row::throw_exception('mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948)', 'Can\'t update mbfl2::Model::DB::Mbfl2Session=HASH(0xb6f6948):...') called at /usr/share/perl5/DBIx/Class/Row.pm line 506
> Is there something I need to set immediately after calling change_session_id?
>
> Thanks
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/

On 18/10/13 7:05 PM, Duncan Garland wrote:
> Has anybody used this successfully?

We do use it in one project; the code in production looks like this:

# New session id on successful auth.
$c->change_session_id;
$c->_session_store_delegate( undef ); # delete any cached delegate

Unfortunately I don't remember why the call to the
"_session_store_delegate" was required. I'd go digging further if I
wasn't madly packing for OSDC in a few hours :( Just hope it helps!

Regards,
Russell.
--
Programmer,
Strategic Data
www.strategicdata.com.au

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Hi Russell,

That works in the simple case of a single process webserver. I'll report back if there are any side-effects when we move it on to a multi-process webserver. I don't see why there should be. I think you done me a big favour.

Looks like it's just an omission in the pod.

Many thanks

Duncan

________________________________________
From: Russell Jenkins [russell.jenkins@strategicdata.com.au]
Sent: 18 October 2013 10:53
To: The elegant MVC web framework
Subject: Re: [Catalyst] RE: change_session_id

On 18/10/13 7:05 PM, Duncan Garland wrote:
> Has anybody used this successfully?

We do use it in one project; the code in production looks like this:

# New session id on successful auth.
$c->change_session_id;
$c->_session_store_delegate( undef ); # delete any cached delegate

Unfortunately I don't remember why the call to the
"_session_store_delegate" was required. I'd go digging further if I
wasn't madly packing for OSDC in a few hours :( Just hope it helps!

Regards,
Russell.
--
Programmer,
Strategic Data
www.strategicdata.com.au

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

On 19/10/2013, at 3:25 AM, Duncan Garland <Duncan.Garland@motortrak.com> wrote:

> Hi Russell,
>
> That works in the simple case of a single process webserver. I'll report back if there are any side-effects when we move it on to a multi-process webserver. I don't see why there should be. I think you done me a big favour.
>
> Looks like it's just an omission in the pod.
>

Its not really an omission, its a bug - calling a pseudo private method ($c->_something) from external code is naughty.

> Many thanks
>
> Duncan
>
> ________________________________________
> From: Russell Jenkins [russell.jenkins@strategicdata.com.au]
> Sent: 18 October 2013 10:53
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] RE: change_session_id
>
> On 18/10/13 7:05 PM, Duncan Garland wrote:
>> Has anybody used this successfully?
>
> We do use it in one project; the code in production looks like this:
>
> # New session id on successful auth.
> $c->change_session_id;
> $c->_session_store_delegate( undef ); # delete any cached delegate
>
> Unfortunately I don't remember why the call to the
> "_session_store_delegate" was required. I'd go digging further if I
> wasn't madly packing for OSDC in a few hours :( Just hope it helps!
>
> Regards,
> Russell.
> --
> Programmer,
> Strategic Data
> www.strategicdata.com.au
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/


_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/