Mailing List Archive

i tested out your site with lwp-request.
you are not sending a Set-Cookie header - so - no cookies are being sent back to
you.
my site uses embperl session handling and we've never had a problem.
perhaps you need to post some more info re: how you have everything configured.

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/
Jon Brisbin wrote:

> I'm having some troubling getting my Embperl installation to do
> persistence...
>
> Here's an example:
> http://www.jbrisbin.net/test.ehtml?action=change&name=John+Doe
>
> If you click on what should be a persistent link, the cookie is not set, and
> the data is not persistent.
>
> The platform is freebsd/apache 1.2.6 (no mod_perl) with Apache::Session 1.03
> (tried 1.5x too) and HTML::Embperl 1.3 installed in my personal directory,
> not in the server's main site_perl directory...(don't know if that makes a
> difference...I just put use lib"blahblah"; in my wrapper, etc...)
>
> Any help would be appreciated! :-) I can use Embperl on this provider, but
> not Apache::ASP, which I like a little bit better, especially with it's
> Session stuff... :-)
>
> Jon Brisbin
> www.jbrisbin.net
> mail.no@spam.jbrisbin.net
>

>
> The platform is freebsd/apache 1.2.6 (no mod_perl) with
> Apache::Session 1.03
> (tried 1.5x too)

You need 1.0x, 1.5x does not work with the current release

> and HTML::Embperl 1.3 installed in my personal directory,
> not in the server's main site_perl directory...(don't know if that makes a
> difference...I just put use lib"blahblah"; in my wrapper, etc...)
>

So you use it as CGI (with embpcgi.pl) ?

> Any help would be appreciated! :-)

Like Cliff already wrote: How and where have you setup
EMBPERL_SESSION_CLASSES and EMBPERL_SESSION_ARGS ?

> I can use Embperl on this
> provider, but
> not Apache::ASP, which I like a little bit better, especially with it's
> Session stuff... :-)
>

What is from your point of view better on the Apache::ASP session handling?

Gerald


-------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 925151
WWW: http://www.ecos.de Fax: +49 6133 925152
-------------------------------------------------------------

> here are the instructions:
> http://perl.apache.org/embperl/Embperl.pod.7.html#Session_handling

Yep, read them already...did all that before I came here :-) I found a lot
of sketchy generalizations about what to do (most people I guess use the
MySQL stuff?? I found a lot of references to it, though not one peek of
what an example table and data looks like :-) but no detailed HOW-TO's
etc... The list archives only got me closer to asking the right questions
:-)

Thanks for any help!

Jon Brisbin
www.jbrisbin.net

>
> > Like Cliff already wrote: How and where have you setup
> > EMBPERL_SESSION_CLASSES and EMBPERL_SESSION_ARGS ?
>
> I used the dist. defaults...but am wondering if I shouldn't specify
> exactly...
>

There are _no_ default, because I can't know how your system looks like. You
have to set the following two configuration directives. The easiest thing is
to put this piece of code at the top of your embpcgi.pl:

BEGIN
{
$ENV{EMBPERL_SESSION_CLASSES} = "DBIStore SysVSemaphoreLocker" ;
$ENV{EMBPERL_SESSION_ARGS} = "DataSource=dbi:mysql:session
UserName=test" ;
} ;

of course you need to change the db and user name. For documenation on how
to setup the tables look at

perldoc Apache::Session::DBIStore

> > What is from your point of view better on the Apache::ASP session
> handling?
>
> I found it easier to get it working for starters :-)

I agree, that is a plus.

> Apache::ASP is nice in
> it's session handling because you can integrate the session with the way
> Apache::ASP serves the request (do init and destroy stuff) which I don't
> think you can do in Embperl.

What do you mean with init and destroy stuff?

> The $udat{stuff} thing is pretty handy, though
> $Session->{stuff} isn't that much more typing :-) I can generally code
> things faster in Apache::ASP than I can in Embperl...which I don't
> understand...I'm not sure really where the difference lies, but I know I
can
> get things up and running even quicker than doing it in PHP :-)
>
> One thing I like about the Emperl persistence is the MySQL thing,

That's the reason why you have to do more setup work...

Gerald

-------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 925151
WWW: http://www.ecos.de Fax: +49 6133 925152
-------------------------------------------------------------

Gerald Richter wrote:

> >
> > > Like Cliff already wrote: How and where have you setup
> > > EMBPERL_SESSION_CLASSES and EMBPERL_SESSION_ARGS ?
> >
> > I used the dist. defaults...but am wondering if I shouldn't specify
> > exactly...
> >
>
> There are _no_ default, because I can't know how your system looks like. You
> have to set the following two configuration directives. The easiest thing is
> to put this piece of code at the top of your embpcgi.pl:
>
> BEGIN
> {
> $ENV{EMBPERL_SESSION_CLASSES} = "DBIStore SysVSemaphoreLocker" ;
> $ENV{EMBPERL_SESSION_ARGS} = "DataSource=dbi:mysql:session
> UserName=test" ;
> } ;
>

OR if you just want to use a temp storage area then:

BEGIN {
$ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
$ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
}


>
> of course you need to change the db and user name. For documenation on how
> to setup the tables look at
>
> perldoc Apache::Session::DBIStore
>
> > > What is from your point of view better on the Apache::ASP session
> > handling?
> >
> > I found it easier to get it working for starters :-)
>
> I agree, that is a plus.
>
> > Apache::ASP is nice in
> > it's session handling because you can integrate the session with the way
> > Apache::ASP serves the request (do init and destroy stuff) which I don't
> > think you can do in Embperl.
>
> What do you mean with init and destroy stuff?
>
> > The $udat{stuff} thing is pretty handy, though
> > $Session->{stuff} isn't that much more typing :-) I can generally code
> > things faster in Apache::ASP than I can in Embperl...which I don't
> > understand...I'm not sure really where the difference lies, but I know I
> can
> > get things up and running even quicker than doing it in PHP :-)
> >
> > One thing I like about the Emperl persistence is the MySQL thing,
>
> That's the reason why you have to do more setup work...
>
> Gerald
>
> -------------------------------------------------------------
> Gerald Richter ecos electronic communication services gmbh
> Internetconnect * Webserver/-design/-datenbanken * Consulting
>
> Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
> E-Mail: richter@ecos.de Voice: +49 6133 925151
> WWW: http://www.ecos.de Fax: +49 6133 925152
> -------------------------------------------------------------
>
>

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/

>
> OR if you just want to use a temp storage area then:
>
> BEGIN {
> $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> }


Ooh... This creates a security problem...

It would be better to create a dedicated directory for session storage
that was owned and read/writable by the apache userid. Having session
info in /tmp means ANYONE can read and write to it.

> There are _no_ default, because I can't know how your system looks like.
You
> have to set the following two configuration directives. The easiest thing
is
> to put this piece of code at the top of your embpcgi.pl:
>
> BEGIN
> {
> $ENV{EMBPERL_SESSION_CLASSES} = "DBIStore SysVSemaphoreLocker" ;
> $ENV{EMBPERL_SESSION_ARGS} = "DataSource=dbi:mysql:session
> UserName=test" ;
> } ;

aahhh....now we're getting somewhere :-) this makes more sense...

> What do you mean with init and destroy stuff?

The Session_OnStart/OnEnd methods of tha Apache::ASP stuff...I usually do
behind the scripts init type things, which you can emulate in a BEGIN/END,
but for some reason, it's not quite the same thing :-)

I've gotten into putting everything I need in a Util.pm (including begin/end
stuff) and just "use"ing that in my embperl page...I set up Cookie stuff,
hopefully session stuff :-), and the like there, and just use that on every
page I create... 6 of one half-dozen of the other :-)

jb

> > There are _no_ default, because I can't know how your system looks like.
You
> > have to set the following two configuration directives. The easiest
thing is
> > to put this piece of code at the top of your embpcgi.pl:
> >
> > BEGIN
> > {
> > $ENV{EMBPERL_SESSION_CLASSES} = "DBIStore SysVSemaphoreLocker" ;
> > $ENV{EMBPERL_SESSION_ARGS} = "DataSource=dbi:mysql:session
> > UserName=test" ;
> > } ;

when i tried this, first i got:

<apachelog>
[29538]ERR: 24: Line 1: Error in Perl code: semget not implemented at
/usr/local/lib/perl5/5.00502/IPC/Semaphore.pm line 38.
</apachelog>

then i updated Digest::MD5 using CPAN, which then gave me this:

<apachelog>
panic: restartop
panic: POPSTACK
Callback called exit.
[Tue Aug 1 06:55:14 2000] access to /usr/www/jbrisbin/httpd/cgi-bin/epl
failed for 207-50-164-132.dial-up.ipa.net, reason: Premature end of script
headers
</apachelog>

what other locking schemes (read: what is the syntax to use :-) are there
for DBIStore?? i can use file storage just as easy if there's a different
way to do locking than just Semaphore...

jb

>
> what other locking schemes (read: what is the syntax to use :-) are there
> for DBIStore?? i can use file storage just as easy if there's a different
> way to do locking than just Semaphore...
>
Try

perldoc Apache::Session


For the first start it is always good to use NullLocker

Gerald

Getting closer! :-) I changed it to NullLocker, so the cookie gets set
now...I'm still getting this, though (I'm using DBIx::Recordset too...that
*kicks butt*...I love it! :-)...and no records are in the database...

jb

<CGI::Debugouput>

panic: POPSTACK
Callback called exit.

Your program doesn't produce ANY output!


This program finished in 1.000 seconds.

Parameters
----------
!Table = 4[test]
action = 6[change]
name = 11[Jon Brisbin]


Cookies
-------
EMBPERL_UID = 16[9b0be61fb3186bf4]


Environment
-----------
DOCUMENT_ROOT = 30[/usr/www/jbrisbin/httpd/htdocs]
EMBPERL_DEBUG = 6[262192]
EMBPERL_MAIL_ERRORS_TO = 15[brisbin@ipa.net]
EMBPERL_SESSION_ARGS = 64[removed :-)]...
EMBPERL_SESSION_CLASSES = 19[DBIStore NullLocker]
GATEWAY_INTERFACE = 7[CGI/1.1]
HTTP_ACCEPT = 102[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, applica]...
HTTP_ACCEPT_ENCODING = 13[gzip, deflate]
HTTP_ACCEPT_LANGUAGE = 5[en-us]
HTTP_CONNECTION = 10[Keep-Alive]
HTTP_COOKIE = 28[EMBPERL_UID=9b0be61fb3186bf4]
HTTP_HOST = 16[www.jbrisbin.net]
HTTP_USER_AGENT = 54[Mozilla/4.0 (compatible; MSIE 5.0;
Windows 98; DigExt)]
PATH = 34[/etc:/bin:/sbin:/usr/bin:/usr/sbin]
PATH_INFO = 11[/test.ehtml]
PATH_TRANSLATED =
41[/usr/www/jbrisbin/httpd/htdocs/test.ehtml]
QUERY_STRING =
42[action=change&name=Jon+Brisbin&!Table=test]
REDIRECT_EMBPERL_DEBUG = 6[262192]
REDIRECT_EMBPERL_MAIL_ERRORS_TO = 15[brisbin@ipa.net]
REDIRECT_QUERY_STRING =
42[action=change&name=Jon+Brisbin&!Table=test]
REDIRECT_STATUS = 3[200]
REDIRECT_URL = 11[/test.ehtml]
REMOTE_ADDR = 14[207.50.164.132]
REMOTE_HOST = 30[207-50-164-132.dial-up.ipa.net]
REMOTE_PORT = 5[61956]
REQUEST_METHOD = 3[GET]
REQUEST_URI =
54[/test.ehtml?action=change&name=Jon+Brisbin&!Table=test]
SCRIPT_FILENAME = 35[/usr/www/jbrisbin/httpd/cgi-bin/epl]
SCRIPT_NAME = 12[/cgi-bin/epl]
SERVER_ADMIN = 22[webmaster@jbrisbin.net]
SERVER_NAME = 16[www.jbrisbin.net]
SERVER_PORT = 2[80]
SERVER_PROTOCOL = 8[HTTP/1.1]
SERVER_SOFTWARE = 12[Apache/1.2.6]

</CGI::Debugouput>



----- Original Message -----
From: Gerald Richter <richter@ecos.de>
To: Jon Brisbin <brisbin@ipa.net>; ___cliff rayman___ <cliff@genwax.com>;
<embperl@perl.apache.org>
Sent: Tuesday, August 01, 2000 9:42 AM
Subject: Re: persistent problem ;-)


> >
> > what other locking schemes (read: what is the syntax to use :-) are
there
> > for DBIStore?? i can use file storage just as easy if there's a
different
> > way to do locking than just Semaphore...
> >
> Try
>
> perldoc Apache::Session
>
>
> For the first start it is always good to use NullLocker
>
> Gerald
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org
>

> > OR if you just want to use a temp storage area then:
> >
> > BEGIN {
> > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > }

I got this to work :-) Which makes me happy...but one other question before
I try it (not really Embperl related, but thought y'all would know :-):

Can I put a <Files> directive in my httpd.conf to disallow viewing of that
directory without affecting the script's execution?? It shouldn't be a
problem, right??

thanks!

jb

Follow-up to this...I forgot that my webserver already disallows viewing of
Indexes in cgi-bin, so that's good, and if you try to pull it up through
"/cgi-bin/tmp/23k4j2l3k4j23" it would give you a 500, so that's pretty
secure, right??

jb

----- Original Message -----
From: Jon Brisbin <brisbin@ipa.net>
To: Erich L. Markert <emarkert@pace.edu>; ___cliff rayman___
<cliff@genwax.com>
Cc: <embperl@perl.apache.org>
Sent: Tuesday, August 01, 2000 10:27 AM
Subject: Re: persistent problem: FIXED...well sorta


> > > OR if you just want to use a temp storage area then:
> > >
> > > BEGIN {
> > > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > > }
>
> I got this to work :-) Which makes me happy...but one other question
before
> I try it (not really Embperl related, but thought y'all would know :-):
>
> Can I put a <Files> directive in my httpd.conf to disallow viewing of that
> directory without affecting the script's execution?? It shouldn't be a
> problem, right??
>
> thanks!
>
> jb
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org
>

i don't...I use ~/httpd/cgi-bin/tmp :-) i'm a virtual server on a shared
machine with no root access, so i have to do it this way...the server runs
under my uid, too, so others can't see it that way either...

jb

----- Original Message -----
From: Erich L. Markert <emarkert@pace.edu>
To: Jon Brisbin <brisbin@ipa.net>
Cc: ___cliff rayman___ <cliff@genwax.com>; <embperl@perl.apache.org>
Sent: Tuesday, August 01, 2000 11:38 AM
Subject: Re: persistent problem: FIXED...well sorta


> /tmp isn't viewable via the web by default. You would have to actually
> add a directive to httpd.conf to do so.
>
> I would strongly suggest placing this sessions directory somewhere else
> than /tmp. Even if you change the ownership and permissions on the
> /tmp/sessions directory /tmp has very lax permissions because everyone
> is suppose to be able read/write to this temp storage... That said, bad
> things can happen. As a rule, NEVER, EVER trust data that has been
> stored in /tmp!
>
> Jon Brisbin wrote:
> >
> > > > OR if you just want to use a temp storage area then:
> > > >
> > > > BEGIN {
> > > > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > > > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > > > }
> >
> > I got this to work :-) Which makes me happy...but one other question
before
> > I try it (not really Embperl related, but thought y'all would know :-):
> >
> > Can I put a <Files> directive in my httpd.conf to disallow viewing of
that
> > directory without affecting the script's execution?? It shouldn't be a
> > problem, right??
> >
> > thanks!
> >
> > jb
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> > For additional commands, e-mail: embperl-help@perl.apache.org
>
> --
> __________________________________________________________
> Mr. Erich L. Markert emarkert@pace.edu
> Computer Learning Center TEL (914)422-4328
> Pace University
> 1 Martine Ave
> White Plains, New York 10606-1932
>
> Those who do not understand Unix are condemned to reinvent it, poorly.
> -- Henry Spencer
>

/tmp isn't viewable via the web by default. You would have to actually
add a directive to httpd.conf to do so.

I would strongly suggest placing this sessions directory somewhere else
than /tmp. Even if you change the ownership and permissions on the
/tmp/sessions directory /tmp has very lax permissions because everyone
is suppose to be able read/write to this temp storage... That said, bad
things can happen. As a rule, NEVER, EVER trust data that has been
stored in /tmp!

Jon Brisbin wrote:
>
> > > OR if you just want to use a temp storage area then:
> > >
> > > BEGIN {
> > > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > > }
>
> I got this to work :-) Which makes me happy...but one other question before
> I try it (not really Embperl related, but thought y'all would know :-):
>
> Can I put a <Files> directive in my httpd.conf to disallow viewing of that
> directory without affecting the script's execution?? It shouldn't be a
> problem, right??
>
> thanks!
>
> jb
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org

--
__________________________________________________________
Mr. Erich L. Markert emarkert@pace.edu
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932

Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

> Why not pass back the session key and forget the ../tmp portion of the
> URL?

I was just thinking out loud...

...saying that if you happened to know a valid session id (very unlikely,
since it uses cookies), it's still not possible to view the contents of the
session file in a browser because the server would try to execute that file
and give a 500 error...so storing session data in ~/httpd/cgi-bin/tmp is
pretty safe it would seem to me...just thinking out loud :-)

jb

Why not pass back the session key and forget the ../tmp portion of the
URL?

You can then strip off the session id key and your programs would use
this internally?

Jon Brisbin wrote:
>
> Follow-up to this...I forgot that my webserver already disallows viewing of
> Indexes in cgi-bin, so that's good, and if you try to pull it up through
> "/cgi-bin/tmp/23k4j2l3k4j23" it would give you a 500, so that's pretty
> secure, right??
>
> jb
>
> ----- Original Message -----
> From: Jon Brisbin <brisbin@ipa.net>
> To: Erich L. Markert <emarkert@pace.edu>; ___cliff rayman___
> <cliff@genwax.com>
> Cc: <embperl@perl.apache.org>
> Sent: Tuesday, August 01, 2000 10:27 AM
> Subject: Re: persistent problem: FIXED...well sorta
>
> > > > OR if you just want to use a temp storage area then:
> > > >
> > > > BEGIN {
> > > > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > > > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > > > }
> >
> > I got this to work :-) Which makes me happy...but one other question
> before
> > I try it (not really Embperl related, but thought y'all would know :-):
> >
> > Can I put a <Files> directive in my httpd.conf to disallow viewing of that
> > directory without affecting the script's execution?? It shouldn't be a
> > problem, right??
> >
> > thanks!
> >
> > jb
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> > For additional commands, e-mail: embperl-help@perl.apache.org
> >

--
__________________________________________________________
Mr. Erich L. Markert emarkert@pace.edu
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932

Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

What's the permissions on this directory?

Jon Brisbin wrote:
>
> i don't...I use ~/httpd/cgi-bin/tmp :-) i'm a virtual server on a shared
> machine with no root access, so i have to do it this way...the server runs
> under my uid, too, so others can't see it that way either...
>
> jb
>
> ----- Original Message -----
> From: Erich L. Markert <emarkert@pace.edu>
> To: Jon Brisbin <brisbin@ipa.net>
> Cc: ___cliff rayman___ <cliff@genwax.com>; <embperl@perl.apache.org>
> Sent: Tuesday, August 01, 2000 11:38 AM
> Subject: Re: persistent problem: FIXED...well sorta
>
> > /tmp isn't viewable via the web by default. You would have to actually
> > add a directive to httpd.conf to do so.
> >
> > I would strongly suggest placing this sessions directory somewhere else
> > than /tmp. Even if you change the ownership and permissions on the
> > /tmp/sessions directory /tmp has very lax permissions because everyone
> > is suppose to be able read/write to this temp storage... That said, bad
> > things can happen. As a rule, NEVER, EVER trust data that has been
> > stored in /tmp!
> >
> > Jon Brisbin wrote:
> > >
> > > > > OR if you just want to use a temp storage area then:
> > > > >
> > > > > BEGIN {
> > > > > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > > > > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > > > > }
> > >
> > > I got this to work :-) Which makes me happy...but one other question
> before
> > > I try it (not really Embperl related, but thought y'all would know :-):
> > >
> > > Can I put a <Files> directive in my httpd.conf to disallow viewing of
> that
> > > directory without affecting the script's execution?? It shouldn't be a
> > > problem, right??
> > >
> > > thanks!
> > >
> > > jb
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> > > For additional commands, e-mail: embperl-help@perl.apache.org
> >
> > --
> > __________________________________________________________
> > Mr. Erich L. Markert emarkert@pace.edu
> > Computer Learning Center TEL (914)422-4328
> > Pace University
> > 1 Martine Ave
> > White Plains, New York 10606-1932
> >
> > Those who do not understand Unix are condemned to reinvent it, poorly.
> > -- Henry Spencer
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org

--
__________________________________________________________
Mr. Erich L. Markert emarkert@pace.edu
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932

Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

On Tue, Aug 01, 2000 at 10:18:16AM -0500, Jon Brisbin wrote:
> panic: POPSTACK
> Callback called exit.

This is very familiar to me, although I don't know for sure if this is
connected with your situation. I had this problem regularly connected with
sessions. For me, it was connected with the tie call that sets up the
session. Sometimes if an exception is thrown (with die) within the session
setup code (through Apache::Session and all the other classes involved),
everything goes weird. Sometimes the exception gets through, sometimes it
vanishes and things seem to carry on, sometimes you get this PANIC. A
search on the mod_perl list will find a few references to this, and the
opinion seems to be that this is a bug in Perl, fixed in 5.6 (although I
haven't tried this).

So, my idea is that possibly something is throwing an exception in the setup
of your sessions. Incidentally, my solution was to hack up my own version
of Apache::Session to work around the bug, which is a real mess, but it
works for now. I also regularly get exceptions thrown in my session setup,
because I'm using this to test that the persistent DB connection is still
up, and often it isn't. Long story ...

Jim

--
Jim Peters / __ | \ Aguazul
/ /| /| )| /| / )|| \
jim@aguazul. \ (_|(_|(_|(_| )(_|I / www.aguazul.
demon.co.uk \ ._) _/ / demon.co.uk

I've seen this done. I think (could be wrong) that Minivend, or was it
Perlshop, does something like this.

I, personnally, always get nervous (call me paranoid) when data is
residing off a directory that is accessible by httpd daemon - one admin
configuration mistake and viola! instant access to sensitive material.

Jon Brisbin wrote:
>
> > Why not pass back the session key and forget the ../tmp portion of the
> > URL?
>
> I was just thinking out loud...
>
> ...saying that if you happened to know a valid session id (very unlikely,
> since it uses cookies), it's still not possible to view the contents of the
> session file in a browser because the server would try to execute that file
> and give a 500 error...so storing session data in ~/httpd/cgi-bin/tmp is
> pretty safe it would seem to me...just thinking out loud :-)
>
> jb

--
__________________________________________________________
Mr. Erich L. Markert emarkert@pace.edu
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932

Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

that is a good point.
i use a different directory than /tmp/sessions and it is only writable by
the httpd user which is not a user that has logon privileges.
cliff

"Erich L. Markert" wrote:

> >
> > OR if you just want to use a temp storage area then:
> >
> > BEGIN {
> > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > }
>
> Ooh... This creates a security problem...
>
> It would be better to create a dedicated directory for session storage
> that was owned and read/writable by the apache userid. Having session
> info in /tmp means ANYONE can read and write to it.

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/

> Can't you use ~/sessions, i.e. create or directory directly undern your
home
> directory, or have you only access to the part of your home dierectory
that
> is access able via http? (maybe ~httpd/sessions works also?)

yeah...i guess i could do that too...that would keep it completely away from
the web server :-) i just used tmp/ under cgi-bin because it was there from
CGI::Persistent and sundry experiments...

jb

>

> i don't...I use ~/httpd/cgi-bin/tmp :-) i'm a virtual server on a shared
> machine with no root access, so i have to do it this way...the server runs
> under my uid, too, so others can't see it that way either...
>

Can't you use ~/sessions, i.e. create or directory directly undern your home
directory, or have you only access to the part of your home dierectory that
is access able via http? (maybe ~httpd/sessions works also?)

Gerald

> On Tue, Aug 01, 2000 at 10:18:16AM -0500, Jon Brisbin wrote:
> > panic: POPSTACK
> > Callback called exit.
>
> This is very familiar to me, although I don't know for sure if this is
> connected with your situation. I had this problem regularly connected
with
> sessions.

It's a problem related to DBI, or better to the dynamic loading of modules
with XS code (i.e. DBD drivers).

As Jim correctly pointed out, the panic occurs when the DBD driver throws an
expection (i.e. dies), for example because you have given a wrong database
name or have not the permissions to access the database.

In most cases where I have seen this problem, it had been could solved by
loading the Perl modules (including the DBD driver) at server startup (when
running under mod_perl) or to put a series of "use" for all modules you need
that include some XS code, at the top of embpcgi.pl, e.g.

use DBI ;
use DBD::mysql ;
use Apache::Session ;
....

I too think it's a bug in Perl, but we have to work around...

Gerald

> In most cases where I have seen this problem, it had been could solved by
> loading the Perl modules (including the DBD driver) at server startup
(when
> running under mod_perl) or to put a series of "use" for all modules you
need
> that include some XS code, at the top of embpcgi.pl, e.g.
>
> use DBI ;
> use DBD::mysql ;
> use Apache::Session ;
> ....


i tried this, but it still carped on me...i'm using the right dbname, user,
and password because DBI works fine outside of embperl using these
settings...


i guess i'm relegated to using file-based...which is really not that bad,
just thought it would be nice to use the mysql locking :-)

jb