FAQ
Hi,

Catalyst:: Plugin:: Session documents the following behavior:

"To let these users access your site you can either disable address
verification as a whole, or provide a checkbox in the login dialog that
tells the server that it's OK for the address of the client to change.
When the server sees that this box is checked it should delete the
__address special key from the session hash when the hash is first created."

The Code dococument a other behavior:


if ( $c->_session_plugin_config->{verify_address}
&& $session_data->{__address} ne $c->request->address )
{
$c->log->warn(
"Deleting session $sid due to address mismatch ("
. $session_data->{__address} . " != "
. $c->request->address . ")"
);
$c->delete_session("address mismatch");
return;
}


A patch with test I added. Looking forward to your feedback.

Jens
-------------- next part --------------
Index: t/lib/SessionTestApp.pm
===================================================================
--- t/lib/SessionTestApp.pm (Revision 14028)
+++ t/lib/SessionTestApp.pm (Arbeitskopie)
@@ -9,6 +9,10 @@
__PACKAGE__->config('Plugin::Session' => {
# needed for live_verify_user_agent.t; should be harmless for other tests
verify_user_agent => 1,
+
+ # need for live_verify_address.t; should be harmless for other tests
+ verify_address => 1,
+
});

__PACKAGE__->setup;
Index: t/lib/SessionTestApp/Controller/Root.pm
===================================================================
--- t/lib/SessionTestApp/Controller/Root.pm (Revision 14028)
+++ t/lib/SessionTestApp/Controller/Root.pm (Arbeitskopie)
@@ -13,6 +13,14 @@
$c->res->output("logged in");
}

+sub login_without_address : Global {
+ my ( $self, $c ) = @_;
+ $c->session;
+ $c->log->debug($c->request->address);
+ delete $c->session->{__address};
+ $c->res->output("logged in (without address)");
+}
+
sub logout : Global {
my ( $self, $c ) = @_;
$c->res->output(
Index: t/live_verify_address.t
===================================================================
--- t/live_verify_address.t (Revision 0)
+++ t/live_verify_address.t (Revision 0)
@@ -0,0 +1,59 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Test::More;
+
+BEGIN {
+ eval { require Catalyst::Plugin::Session::State::Cookie; Catalyst::Plugin::Session::State::Cookie->VERSION(0.03) }
+ or plan skip_all =>
+ "Catalyst::Plugin::Session::State::Cookie 0.03 or higher is required for this test";
+
+ eval {
+ require Test::WWW::Mechanize::Catalyst;
+ Test::WWW::Mechanize::Catalyst->VERSION(0.51);
+ }
+ or plan skip_all =>
+ 'Test::WWW::Mechanize::Catalyst >= 0.51 is required for this test';
+
+ plan tests => 12;
+}
+
+use lib "t/lib";
+use Test::WWW::Mechanize::Catalyst "SessionTestApp";
+
+# Test without delete __address
+local $ENV{REMOTE_ADDR} = "192.168.1.1";
+
+my $ua = Test::WWW::Mechanize::Catalyst->new( {} );
+$ua->get_ok( "http://localhost/login" );
+$ua->content_contains('logged in');
+
+$ua->get_ok( "http://localhost/set_session_variable/logged/in" );
+$ua->content_contains('session variable set');
+
+
+# Change Client
+local $ENV{REMOTE_ADDR} = "192.168.1.2";
+
+$ua->get_ok( "http://localhost/get_session_variable/logged");
+$ua->content_contains('VAR_logged=n.a.');
+
+# Inital Client
+local $ENV{REMOTE_ADDR} = "192.168.1.1";
+
+$ua->get_ok( "http://localhost/login_without_address" );
+$ua->content_contains('logged in (without address)');
+
+$ua->get_ok( "http://localhost/set_session_variable/logged/in" );
+$ua->content_contains('session variable set');
+
+# Change Client
+local $ENV{REMOTE_ADDR} = "192.168.1.2";
+
+$ua->get_ok( "http://localhost/get_session_variable/logged" );
+$ua->content_contains('VAR_logged=in');
+
+
+
Index: lib/Catalyst/Plugin/Session.pm
===================================================================
--- lib/Catalyst/Plugin/Session.pm (Revision 14028)
+++ lib/Catalyst/Plugin/Session.pm (Arbeitskopie)
@@ -225,6 +225,7 @@

no warnings 'uninitialized'; # ne __address
if ( $c->_session_plugin_config->{verify_address}
+ && exists $session_data->{__address}
&& $session_data->{__address} ne $c->request->address )
{
$c->log->warn(

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedJun 4, '11 at 9:28p
activeJun 4, '11 at 9:28p
posts1
users1
websitecatalystframework.org
irc#catalyst

1 user in discussion

Jens Gassmann: 1 post

People

Translate

site design / logo © 2022 Grokbase