[cgiapp] CAP::Authentication not working properly with CAP::Session

[George Hartzell]

Bradley C Bailey writes:
 > Richard,
 > 
 > > Hope someone can help with this. I'm having a major headache with 
 > > authentication and sessions.
 > > 
 > > With authentication configured to use STORE => Cookie I can login & out 
 > > OK, but each request generates a new CGISESSID, even when logged in. 
 > > When I switch to STORE => Session, I cannot login at all, but get 
 > > bounced back to the login page. The sessions table remains empty. The db 
 > > access is working ok as I get invalid login message and login attempt 
 > > 1,2,3, etc if I enter incorrect username or passwd, so it must be 
 > > reading the users table ok.
 > > 
 > > I have several other apps which works perfectly with CAP::Session and 
 > > CAP::Authentication, and I can use the session_config and anthen_config 
 > > settings interchangeably between apps, but the 'working configs' do not 
 > > make the current app. use sessions properly. All modules (CGI::Session, 
 > > CGI::Application, CAP::Session, CAP::Authentication) are current. There 
 > > is obviously something about the current app that is different to the 
 > > others, but I cannot see it.
 > > 
 > > In the CGI::Session docs there is a mention of session->flush, and if I 
 > > use this in teardown(), then sessions do start to work, providing I use 
 > > $self->session_delete after logout. Odd because I've never had to use 
 > > session->flush before.
 > 
 > What kind of environment are you using?
 > 
 > Sessions are supposed to automatically flush() when they go out of scope 
 > and are DESTROYed.  I have never had to explicitly call flush().  If you 
 > are using some kind of persistent environment (ie: mod_perl, FastCGI, 
 > ...) make sure something isn't keeping the session around.
 > [...]

I can't test it until tonight/this weekend, but I wonder if CA::Server
(and probably CAD::Server) should be added to that list of things that
might keep something hanging around?

g.