FAQ
this is all a brand new install on ubuntu 7, so all deps should be
most recent off my mirror. any ideas?



root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Catalyst::Plugin::Session::State::Cookie
root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07# make
cp lib/Catalyst/Plugin/Session/State/Cookie.pm
blib/lib/Catalyst/Plugin/Session/State/Cookie.pm
Manifying blib/man3/Catalyst::Plugin::Session::State::Cookie.3pm
root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01use............ok
t/02pod............skipped
all skipped: set TEST_POD to enable this test
t/03podcoverage....skipped
all skipped: Test::Pod::Coverage 1.04 required
t/basic............ok
t/live_app.........ok 1/0
# Failed test 'cookie expiration was extended'
# at t/live_app.t line 72.
# '1189038714'
# <
# '1189038714'
t/live_app.........NOK 9# Looks like you failed 1 test of 11.
t/live_app.........dubious
Test returned status 1 (wstat 256, 0x100)
DIED. FAILED test 9
Failed 1/11 tests, 90.91% okay
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/live_app.t 1 256 11 1 9.09% 9
2 tests skipped.
Failed 1/5 test scripts, 80.00% okay. 1/25 subtests failed, 96.00% okay.
make: *** [test_dynamic] Error 1




root@ubuntu7-vm:~# perl -V
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
Platform:
osname=linux, osvers=2.6.15.7, archname=i486-linux-gnu-thread-multi
uname='linux rothera 2.6.15.7 #1 smp sat sep 30 10:21:42 utc 2006
i686 gnulinux '
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
-Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr
-Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
-Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
-Dsitelib=/usr/local/share/perl/5.8.8
-Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
-Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm
-Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
hint=recommended, useposix=true, d_sigactionÞfine
usethreadsÞfine use5005threads=undef useithreadsÞfine
usemultiplicityÞfine
useperlioÞfine d_sfio=undef uselargefilesÞfine usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITSd',
optimize='-O2',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN
-fno-strict-aliasing -pipe -I/usr/local/include'
ccversion='', gccversion='4.1.2 (Ubuntu 4.1.2-0ubuntu4)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder34
d_longlongÞfine, longlongsize=8, d_longdblÞfine, longdblsize
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
alignbytes=4, prototypeÞfine
Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
perllibs=-ldl -lm -lpthread -lc -lcrypt
libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
gnulibc_version='2.5'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl):
Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
Built under linux
Compiled at Mar 6 2007 01:40:14
@INC:
/etc/perl
/usr/local/lib/perl/5.8.8
/usr/local/share/perl/5.8.8
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.8
/usr/share/perl/5.8
/usr/local/lib/site_perl
.
root@ubuntu7-vm:~#

Search Discussions

  • Daniel McBrearty at Sep 6, 2007 at 2:03 pm
    I just forwarded this to Yuval.

    On 9/6/07, Daniel McBrearty wrote:
    this is all a brand new install on ubuntu 7, so all deps should be
    most recent off my mirror. any ideas?



    root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
    perl Makefile.PL
    Checking if your kit is complete...
    Looks good
    Writing Makefile for Catalyst::Plugin::Session::State::Cookie
    root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07# make
    cp lib/Catalyst/Plugin/Session/State/Cookie.pm
    blib/lib/Catalyst/Plugin/Session/State/Cookie.pm
    Manifying blib/man3/Catalyst::Plugin::Session::State::Cookie.3pm
    root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
    make test
    PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
    "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
    t/01use............ok
    t/02pod............skipped
    all skipped: set TEST_POD to enable this test
    t/03podcoverage....skipped
    all skipped: Test::Pod::Coverage 1.04 required
    t/basic............ok
    t/live_app.........ok 1/0
    # Failed test 'cookie expiration was extended'
    # at t/live_app.t line 72.
    # '1189038714'
    # <
    # '1189038714'
    t/live_app.........NOK 9# Looks like you failed 1 test of 11.
    t/live_app.........dubious
    Test returned status 1 (wstat 256, 0x100)
    DIED. FAILED test 9
    Failed 1/11 tests, 90.91% okay
    Failed Test Stat Wstat Total Fail Failed List of Failed
    -------------------------------------------------------------------------------
    t/live_app.t 1 256 11 1 9.09% 9
    2 tests skipped.
    Failed 1/5 test scripts, 80.00% okay. 1/25 subtests failed, 96.00% okay.
    make: *** [test_dynamic] Error 1




    root@ubuntu7-vm:~# perl -V
    Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
    Platform:
    osname=linux, osvers=2.6.15.7, archname=i486-linux-gnu-thread-multi
    uname='linux rothera 2.6.15.7 #1 smp sat sep 30 10:21:42 utc 2006
    i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
    -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr
    -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8
    -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
    -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
    -Dsitelib=/usr/local/share/perl/5.8.8
    -Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1
    -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
    -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
    -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm
    -Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigactionÞfine
    usethreadsÞfine use5005threads=undef useithreadsÞfine
    usemultiplicityÞfine
    useperlioÞfine d_sfio=undef uselargefilesÞfine usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
    -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include
    -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITSd',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN
    -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.1.2 (Ubuntu 4.1.2-0ubuntu4)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder34
    d_longlongÞfine, longlongsize=8, d_longdblÞfine, longdblsize
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
    lseeksize=8
    alignbytes=4, prototypeÞfine
    Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
    gnulibc_version='2.5'
    Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


    Characteristics of this binary (from libperl):
    Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
    PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
    USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
    Built under linux
    Compiled at Mar 6 2007 01:40:14
    @INC:
    /etc/perl
    /usr/local/lib/perl/5.8.8
    /usr/local/share/perl/5.8.8
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8
    /usr/share/perl/5.8
    /usr/local/lib/site_perl
    .
    root@ubuntu7-vm:~#

    --
    Daniel McBrearty
    email : danielmcbrearty at gmail.com
    http://www.engoi.com
    http://danmcb.vox.com
    http://danmcb.blogger.com
    find me on linkedin and facebook
    BTW : 0873928131
  • Daniel McBrearty at Sep 6, 2007 at 10:17 pm
    ok, i searched the list but stupidly didn't look at cpan bugtracker
    ... it is a reported bug. in fact there seem to be several issues with
    the live_app.t in 0.07

    what's the implication? sessions will time out even if though the user
    has revisited?

    as i have nothing better to do, and need this sorted, i'll have a dig
    in the source. chance to see how some of this stuff works underneath.
    if anyone has any pointers or has been here already, that is always
    interesting.

    who knows i might actually get someplace :-)


    On 9/6/07, Daniel McBrearty wrote:
    I just forwarded this to Yuval.

    On 9/6/07, Daniel McBrearty wrote:
    this is all a brand new install on ubuntu 7, so all deps should be
    most recent off my mirror. any ideas?



    root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
    perl Makefile.PL
    Checking if your kit is complete...
    Looks good
    Writing Makefile for Catalyst::Plugin::Session::State::Cookie
    root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07# make
    cp lib/Catalyst/Plugin/Session/State/Cookie.pm
    blib/lib/Catalyst/Plugin/Session/State/Cookie.pm
    Manifying blib/man3/Catalyst::Plugin::Session::State::Cookie.3pm
    root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
    make test
    PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
    "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
    t/01use............ok
    t/02pod............skipped
    all skipped: set TEST_POD to enable this test
    t/03podcoverage....skipped
    all skipped: Test::Pod::Coverage 1.04 required
    t/basic............ok
    t/live_app.........ok 1/0
    # Failed test 'cookie expiration was extended'
    # at t/live_app.t line 72.
    # '1189038714'
    # <
    # '1189038714'
    t/live_app.........NOK 9# Looks like you failed 1 test of 11.
    t/live_app.........dubious
    Test returned status 1 (wstat 256, 0x100)
    DIED. FAILED test 9
    Failed 1/11 tests, 90.91% okay
    Failed Test Stat Wstat Total Fail Failed List of Failed
    -------------------------------------------------------------------------------
    t/live_app.t 1 256 11 1 9.09% 9
    2 tests skipped.
    Failed 1/5 test scripts, 80.00% okay. 1/25 subtests failed, 96.00% okay.
    make: *** [test_dynamic] Error 1




    root@ubuntu7-vm:~# perl -V
    Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
    Platform:
    osname=linux, osvers=2.6.15.7, archname=i486-linux-gnu-thread-multi
    uname='linux rothera 2.6.15.7 #1 smp sat sep 30 10:21:42 utc 2006
    i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
    -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr
    -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8
    -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
    -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
    -Dsitelib=/usr/local/share/perl/5.8.8
    -Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1
    -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
    -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
    -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm
    -Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigactionÞfine
    usethreadsÞfine use5005threads=undef useithreadsÞfine
    usemultiplicityÞfine
    useperlioÞfine d_sfio=undef uselargefilesÞfine usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
    -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include
    -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITSd',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN
    -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.1.2 (Ubuntu 4.1.2-0ubuntu4)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder34
    d_longlongÞfine, longlongsize=8, d_longdblÞfine, longdblsize
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
    lseeksize=8
    alignbytes=4, prototypeÞfine
    Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
    gnulibc_version='2.5'
    Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


    Characteristics of this binary (from libperl):
    Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
    PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
    USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
    Built under linux
    Compiled at Mar 6 2007 01:40:14
    @INC:
    /etc/perl
    /usr/local/lib/perl/5.8.8
    /usr/local/share/perl/5.8.8
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8
    /usr/share/perl/5.8
    /usr/local/lib/site_perl
    .
    root@ubuntu7-vm:~#

    --
    Daniel McBrearty
    email : danielmcbrearty at gmail.com
    http://www.engoi.com
    http://danmcb.vox.com
    http://danmcb.blogger.com
    find me on linkedin and facebook
    BTW : 0873928131

    --
    Daniel McBrearty
    email : danielmcbrearty at gmail.com
    http://www.engoi.com
    http://danmcb.vox.com
    http://danmcb.blogger.com
    find me on linkedin and facebook
    BTW : 0873928131
  • Emanuele Zeppieri at Sep 7, 2007 at 7:43 am

    Daniel McBrearty wrote:

    ok, i searched the list but stupidly didn't look at cpan bugtracker
    ... it is a reported bug. in fact there seem to be several issues with
    the live_app.t in 0.07

    what's the implication? sessions will time out even if though the user
    has revisited?
    Exactly (because the cookie expire time is not updated, despite the
    accesses - so you have a fixed-duration session).

    This is the documented behaviour though:
    http://search.cpan.org/~nuffin/Catalyst-Plugin-Session-0.18/lib/Catalyst/Plugin/Session.pm#METHODS

    (see: session_expires $reset)

    But then we have another problem (or two):

    first, the session_expires method really does not take any argument (any
    argument passed to it is simply ignored - have a look at the source).
    This may seem at first only a documentation bug, but it implies that any
    time you call session_expires(), even with no arguments (for example
    only to get the session expire time), you have this undocumented
    side-effect which extends the session duration.

    Second, for fixed duration sessions, the session expiration control
    relies solely on the presence of the cookie sent by the browser: so a
    user can turn a fixed duration session into an extended session simply
    by editing the cookie expire time (this is a security bug IMO).

    I've got a fix for these problems, which basically just restores what
    the docs have always said (so it should break no existing code) and it
    also eliminates the security bug, but I'm waiting for the author to see
    if he approves that approach or if he prefers to get rid of the fixed
    duration sessions at all and have only extended sessions by default (as
    the mentioned live_app.t test seems to imply).

    (Actually, the current code seems to be half-way between this two
    choices, so to say...)

    Anyway, if you have time, any further research would be interesting.

    Cheers,
    Emanuele.
  • Daniel McBrearty at Sep 7, 2007 at 9:24 am
    Hi Emanuele

    thanks for the response. I took a look with the debugger this morning
    but didn't have too much time ... you are obviously much further with
    this than me.

    whatever happens, the code should at least be fixed enough to give
    some sensible default behaviour, along with a docs patch, and be able
    to get through tests. For my needs, your fix would be fine. If it is
    no worse than the previous state of affairs, it should be used IMO

    the current situation is that "CPAN Task::Catalyst" DIES because of
    this. so it ought to be high priority to at least fix that, IMO

    could you post a patch for the solution that you have?

    thanks

    Daniel


    On 9/7/07, Emanuele Zeppieri wrote:
    Daniel McBrearty wrote:
    ok, i searched the list but stupidly didn't look at cpan bugtracker
    ... it is a reported bug. in fact there seem to be several issues with
    the live_app.t in 0.07

    what's the implication? sessions will time out even if though the user
    has revisited?
    Exactly (because the cookie expire time is not updated, despite the
    accesses - so you have a fixed-duration session).

    This is the documented behaviour though:
    http://search.cpan.org/~nuffin/Catalyst-Plugin-Session-0.18/lib/Catalyst/Plugin/Session.pm#METHODS

    (see: session_expires $reset)

    But then we have another problem (or two):

    first, the session_expires method really does not take any argument (any
    argument passed to it is simply ignored - have a look at the source).
    This may seem at first only a documentation bug, but it implies that any
    time you call session_expires(), even with no arguments (for example
    only to get the session expire time), you have this undocumented
    side-effect which extends the session duration.

    Second, for fixed duration sessions, the session expiration control
    relies solely on the presence of the cookie sent by the browser: so a
    user can turn a fixed duration session into an extended session simply
    by editing the cookie expire time (this is a security bug IMO).

    I've got a fix for these problems, which basically just restores what
    the docs have always said (so it should break no existing code) and it
    also eliminates the security bug, but I'm waiting for the author to see
    if he approves that approach or if he prefers to get rid of the fixed
    duration sessions at all and have only extended sessions by default (as
    the mentioned live_app.t test seems to imply).

    (Actually, the current code seems to be half-way between this two
    choices, so to say...)

    Anyway, if you have time, any further research would be interesting.

    Cheers,
    Emanuele.

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/

    --
    Daniel McBrearty
    email : danielmcbrearty at gmail.com
    http://www.engoi.com
    http://danmcb.vox.com
    http://danmcb.blogger.com
    find me on linkedin and facebook
    BTW : 0873928131

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedSep 5, '07 at 11:37p
activeSep 7, '07 at 9:24a
posts5
users2
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2021 Grokbase