Mailing List Archive

DeleteSession does not always delete session
Hello,

On my high traffic site, I am finding DeleteSession does not always remove
the session cookie or delete session in MySQL.

In my signout, function I call DeleteSession but the sometimes the session
remains.

From init.epl which is called by base.epl.

# function to signout from the session
sub signout {
my ($self, $req) = @_;
my $log = Log::Log4perl->get_logger(__PACKAGE__);

$log->info("***** Delete Session *****");
# Delete session on signout request
$req->DeleteSession;

my %cookies = $self->get_cookies();
if (defined ($cookies{_session_id})){
$log->info("session_id cookie exists:
$cookies{_session_id}");
}

}

BTW, I have also found that assigning to udat does not always create the
session.

Here is my session config.













*PerlModule EmbperlPerlSetEnv EMBPERL_MAILDEBUG 0PerlSetEnv EMBPERL_OPTIONS
262144PerlSetEnv EMBPERL_MAIL_ERRORS_TO "jtappe@gmail.com
<jtappe@gmail.com>"PerlSetEnv EMBPERL_ESCMODE 0PerlSetEnv
EMBPERL_SESSION_CLASSES "MySQL MySQL"PerlSetEnv EMBPERL_SESSION_ARGS
"DataSource=dbi:mysql:expat:localhost UserName=user Password=pass
LockDataSource=dbi:mysql:expat:localhost LockUserName=user
LockPassword=pass recreate_id=1 lazy=1"PerlSetEnv EMBPERL_SESSION_MODE
1PerlSetEnv Embperl_Cookie_Domain expatriates.com
<http://expatriates.com>PerlSetEnv EMBPERL_COOKIE_NAME
_session_idPerlSetEnv EMBPERL_COOKIE_PATH /PerlSetEnv
EMBPERL_COOKIE_EXPIRES +3M*

What am I doing wrong?

Thanks,
Jim
Re: DeleteSession does not always delete session [ In reply to ]
A few more notes ...

Sometimes I see both EMBPERL_UID and the cookie specified in
*EMBPERL_COOKIE_NAME
"_session_id" present in Chrome Dev tools.*

I can find session information for both session_id and EMBPERL_UID in the
MySQL sessions table.

The EMBPERL_UID has an expiration date of 1969-12-31T23:59:59.000Z

I enabled EMBPERL_DEBUG to track sessions handling as follows.

PerlSetEnv EMBPERL_DEBUG 2097152
PerlSetEnv EMBPERL_LOG /var/log/embperl_log

In the log, I can find the cookie id for session_id but not the cookie id
EMBPERL_UID ?

[26247]PERF: DOMSTAT: MemUsage = 523184 Bytes numNodes = 2308
numLevelLookup = 26 numLevelLookupItem = 526 numStr = 1025 numReplace =
963
[26247]SES: Received Cookie ID: e78594975f537dc7a42715bdc4d3df5e New
Cookie ID: e78594975f537dc7a42715bdc4d3df5e User data is NOT modified
[26247]PERF: input = ???
[26247]PERF: Time: 150 ms



On Mon, Apr 2, 2018 at 8:09 PM, Jim Tappe <jtappe@gmail.com> wrote:

> Hello,
>
> On my high traffic site, I am finding DeleteSession does not always remove
> the session cookie or delete session in MySQL.
>
> In my signout, function I call DeleteSession but the sometimes the session
> remains.
>
> From init.epl which is called by base.epl.
>
> # function to signout from the session
> sub signout {
> my ($self, $req) = @_;
> my $log = Log::Log4perl->get_logger(__PACKAGE__);
>
> $log->info("***** Delete Session *****");
> # Delete session on signout request
> $req->DeleteSession;
>
> my %cookies = $self->get_cookies();
> if (defined ($cookies{_session_id})){
> $log->info("session_id cookie exists:
> $cookies{_session_id}");
> }
>
> }
>
> BTW, I have also found that assigning to udat does not always create the
> session.
>
> Here is my session config.
>
>
>
>
>
>
>
>
>
>
>
>
>
> *PerlModule EmbperlPerlSetEnv EMBPERL_MAILDEBUG 0PerlSetEnv
> EMBPERL_OPTIONS 262144PerlSetEnv EMBPERL_MAIL_ERRORS_TO "jtappe@gmail.com
> <jtappe@gmail.com>"PerlSetEnv EMBPERL_ESCMODE 0PerlSetEnv
> EMBPERL_SESSION_CLASSES "MySQL MySQL"PerlSetEnv EMBPERL_SESSION_ARGS
> "DataSource=dbi:mysql:expat:localhost UserName=user Password=pass
> LockDataSource=dbi:mysql:expat:localhost LockUserName=user
> LockPassword=pass recreate_id=1 lazy=1"PerlSetEnv EMBPERL_SESSION_MODE
> 1PerlSetEnv Embperl_Cookie_Domain expatriates.com
> <http://expatriates.com>PerlSetEnv EMBPERL_COOKIE_NAME
> _session_idPerlSetEnv EMBPERL_COOKIE_PATH /PerlSetEnv
> EMBPERL_COOKIE_EXPIRES +3M*
>
> What am I doing wrong?
>
> Thanks,
> Jim
>
Re: DeleteSession does not always delete session [ In reply to ]
I think (and hope) I found a solution.

In my apache configuration, I removed PerlSetEnv for the cookie settings
and now embperl consistently configures the cookie as configured.

I changed

*PerlSetEnv EMBPERL_COOKIE_PATH /*

to

*EMBPERL_COOKIE_PATH /*

Although, the embperl log still shows requests being made without the
embperl environment variables.

For example,

[6410]REQ: ***** Start Request at Thu Apr 5 12:23:57 2018
[6410]Use App: Expatriates
[6410]ENV: MOD_PERL_API_VERSION=2
[6410]ENV: MOD_PERL=mod_perl/2.0.4
[6410]Using APACHE for output...

Other requests show the environment variables.

[6410]REQ: ***** Start Request at Thu Apr 5 12:23:36 2018
[6410]Use App: Expatriates
[6410]ENV: EMBPERL_MAIL_ERRORS_TO=jtappe@gmail.com
[6410]ENV: EMBPERL_MAILDEBUG=0
[6410]ENV: EXPATLIB=/opt/expatriates.com/lib
[6410]ENV: EMBPERL_COOKIE_PATH=/
[6410]ENV: PATH=/sbin:/usr/sbin:/bin:/usr/bin
[6410]ENV: MOD_PERL_API_VERSION=2
[6410]ENV: EMBPERL_SESSION_MODE=1