Mailing List Archive

I *just* tackled this problem myself! :-) I couldn't use the DBIStore
because of a bug some think is in PERL...it happens when the Session Manager
tries to connect to the database and throws a "die" because it can't for
whatever reason...the session never gets initialized...

Here's what I did: I switched to using file-based session storage in a tmp
directory under /cgi-bin, which does not allow a malicious user, even if
they knew a session id, to view any of the session information. Here's what
I put in my embpcgi.pl file (you can do the equivalent in your httpd.conf
file):

BEGIN {
# $ENV{EMBPERL_SESSION_CLASSES} = "DBIStore NullLocker";
# $ENV{EMBPERL_SESSION_ARGS} = "DataSource=DBI:mysql:dbname UserName=user
Password=pass";
$ENV{EMBPERL_SESSION_CLASSES} = "FileStore NullLocker";
$ENV{EMBPERL_SESSION_ARGS} =
"Directory=/usr/www/jbrisbin/httpd/cgi-bin/tmp";
};

I tried the DBIStore stuff with the NullLocker, because I was getting errors
when it was using SysV semaphore...so I switched it and this works
perfectly...all you'd have to do would be to put the equivalent PerSetEnv
(or SetEnv) on the SESSION_CLASSES and SESSION_ARGS to your liking...

You might want to try the DBIStore with the NullLocker and see if that helps
any...

Did you set up a table in your mysql db called "sessions" that has is like
"id char(32) not null primary key, a_session text"??

Jon Brisbin
www.jbrisbin.net
mail@jbrisbin.net


----- Original Message -----
From: Eric Knauel <knauel@informatik.uni-tuebingen.de>
To: Embeded PERL ML <embperl@perl.apache.org>
Sent: Wednesday, August 02, 2000 8:24 AM
Subject: Problems with session management


>
> Hi,
>
> I have some trouble getting session management to work. I'm using
> Apache Session 1.03, Embperl 1.3b4 with mod_perl on Apache 1.3.12,
> here what I put in the httpd.conf:
>
> SetEnv EMBPERL_DEBUG 2375713
> SetEnv EMBPERL_VIRTLOG /embperl/log
> PerlSetEnv EMBPERL_COOKIE_DOMAIN "www.macnews.de"
> PerlSetEnv EMBPERL_COOKIE_NAME "SessionID"
> PerlSetEnv EMBPERL_COOKIE_PATH "/umfrage/dialog"
> PerlSetEnv EMBPERL_SESSION_CLASSES "DBIStore SysVSemaphoreLocker"
> PerlSetEnv EMBPERL_SESSION_ARGS "DataSource=dbi:mysql:session
UserName=apache Password=extremlysecret"
> PerlModule Apache::Session
> PerlModule HTML::Embperl
> <Location /dialog/umfrage>
> SetHandler perl-script
> PerlHandler HTML::Embperl
> Options ExecCGI
> </Location>
>
> However I never get a cookie from Embperl! I also tried with FileStore
> instead of DBIStore. Maybe I didn't understand the documentation
> right, but normally this small script should work:
>
> <html>
> <head>
> <title>Test</title>
> </head>
> <body>
> Hmm:<br>
> [$ if defined($udat{sometime}) $]
> <b>First started: [+ $udat{sometime} +]</b><br>
> [$ else $]
> [- $udat{sometime} = localtime; -]
> <b>Setting time to:</b> [+ $udat{sometime} +]
> [$ endif $]
> </body>
> </html>
>
> Everytime I reload this page it prints the server time... What am I
> doing wrong? ;-)
> Please let me know if you need more information!
>
> Ciao,
> Eric
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org
>

Hi,
>
> I have some trouble getting session management to work. I'm using
> Apache Session 1.03, Embperl 1.3b4 with mod_perl on Apache 1.3.12,
> here what I put in the httpd.conf:
>
> SetEnv EMBPERL_DEBUG 2375713
> SetEnv EMBPERL_VIRTLOG /embperl/log

> PerlSetEnv EMBPERL_COOKIE_DOMAIN "www.macnews.de"
> PerlSetEnv EMBPERL_COOKIE_NAME "SessionID"
> PerlSetEnv EMBPERL_COOKIE_PATH "/umfrage/dialog"

For testing I would try to remove the above three lines (also I don't know
if the changes anything, but makes things easier for the start)

> PerlSetEnv EMBPERL_SESSION_CLASSES "DBIStore SysVSemaphoreLocker"
> PerlSetEnv EMBPERL_SESSION_ARGS "DataSource=dbi:mysql:session
UserName=apache Password=extremlysecret"
> PerlModule Apache::Session
> PerlModule HTML::Embperl
> <Location /dialog/umfrage>
> SetHandler perl-script
> PerlHandler HTML::Embperl
> Options ExecCGI
> </Location>
>

When Apache starts, you should see a message "Embperl session management
enabled", did you?


> However I never get a cookie from Embperl! I also tried with FileStore
> instead of DBIStore. Maybe I didn't understand the documentation
> right, but normally this small script should work:
>

Yes, the script is ok

Gerald

-------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 925151
WWW: http://www.ecos.de Fax: +49 6133 925152
-------------------------------------------------------------

Eric Knauel wrote:

> Hi,
>
> I have some trouble getting session management to work. I'm using
> Apache Session 1.03, Embperl 1.3b4 with mod_perl on Apache 1.3.12,
> here what I put in the httpd.conf:
>
> SetEnv EMBPERL_DEBUG 2375713
> SetEnv EMBPERL_VIRTLOG /embperl/log
> PerlSetEnv EMBPERL_COOKIE_DOMAIN "www.macnews.de"

this should be:
PerlSetEnv EMBPERL_COOKIE_DOMAIN .macnews.de

you listed a host, not a domain. also - doesn't need the quotes.

>
> PerlSetEnv EMBPERL_COOKIE_NAME "SessionID"
> PerlSetEnv EMBPERL_COOKIE_PATH "/umfrage/dialog"
> PerlSetEnv EMBPERL_SESSION_CLASSES "DBIStore SysVSemaphoreLocker"
> PerlSetEnv EMBPERL_SESSION_ARGS "DataSource=dbi:mysql:session UserName=apache Password=extremlysecret"
> PerlModule Apache::Session
> PerlModule HTML::Embperl
> <Location /dialog/umfrage>
> SetHandler perl-script
> PerlHandler HTML::Embperl
> Options ExecCGI
> </Location>
>
> However I never get a cookie from Embperl! I also tried with FileStore
> instead of DBIStore. Maybe I didn't understand the documentation
> right, but normally this small script should work:
>
> <html>
> <head>
> <title>Test</title>
> </head>
> <body>
> Hmm:<br>
> [$ if defined($udat{sometime}) $]
> <b>First started: [+ $udat{sometime} +]</b><br>
> [$ else $]
> [- $udat{sometime} = localtime; -]
> <b>Setting time to:</b> [+ $udat{sometime} +]
> [$ endif $]
> </body>
> </html>
>
> Everytime I reload this page it prints the server time... What am I
> doing wrong? ;-)
> Please let me know if you need more information!
>
> Ciao,
> Eric
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/

Hi Jon,

"Jon Brisbin" <brisbin@ipa.net> writes:

> Here's what I did: I switched to using file-based session storage in a tmp
> directory under /cgi-bin, which does not allow a malicious user, even if
> they knew a session id, to view any of the session information. Here's what
> I put in my embpcgi.pl file (you can do the equivalent in your httpd.conf
> file):

It works now! I switched from mod_perl to execution via cgi-bin and
put your SESSION_CLASSES / ARGS in my httpd.conf with SetEnv. It's a
bit strange that the same seem do not seem to work when using mod_perl...

> You might want to try the DBIStore with the NullLocker and see if that helps
> any...
> Did you set up a table in your mysql db called "sessions" that has is like
> "id char(32) not null primary key, a_session text"??

Yes, but it didn't help. :-( Somehow I can't get DBIStore to work, but
this is not a problem since FileStore is fast enough at the moment. ;)

Thanks for your help!

Ciao,
Eric

Hi Gerald,

"Gerald Richter" <richter@ecos.de> writes:

> When Apache starts, you should see a message "Embperl session management
> enabled", did you?

Yes, but only when I restart apache using apachectl stop/start not
with graceful, is this normal?

Ciao,
Eric
--
E-Mail: knauel@informatik.uni-tuebingen.de eric@macnews.de
http://www-pu.informatik.uni-tuebingen.de/users/knauel

>
> Yes, but only when I restart apache using apachectl stop/start not
> with graceful, is this normal?
>

Yes

Gerald