[cgiapp] Data::Session/CGI::Session

Nicholas Bamber nicholas at periapt.co.uk
Sat Dec 18 18:37:51 EST 2010


I notice that a 4.43 o CGI::Session has been released. That should get 
into Debian in due course. Reviewing the Debian bug list I noticed this:

"Session file not being written for driver:File; serializer:Storable" 
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315669)

That appears to be related to #482355
"Storable.pm segfaults when called during global destruction"

And from my brief reading of the bug reports this seems to be related to 
design/backwards compatibility issues
in both CGI::Session and Storable. Can I conclude from that, that the 
best thing to do with #315669
would be to mark it "wontfix" and to suggest that people bother by the 
bug try Data::Session (which would of course will need to be packaged)?



cgiapp-request at lists.openlib.org wrote:
> Today's Topics:
>
>    1. Re: Announce: Data::Session - A re-write of CGI::Session
>       (Ron Savage)
>    2. Re: Announce: Data::Session - A re-write of CGI::Session
>       (Larig Tech)
>    3. Re: Announce: Data::Session - A re-write of CGI::Session
>       (Ron Savage)
>    4. Re: Announce: Data::Session - A re-write of CGI::Session (Lyle)
>    5. Re: Announce: Data::Session - A re-write of CGI::Session
>       (Ron Savage)
>    6. Re: Announce: Data::Session - A re-write of CGI::Session
>       (Mark Stosberg)
>    7. Re: Mark Stosberg's CPAN project management (Mark Stosberg)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 06 Dec 2010 06:33:24 +1100
> From: Ron Savage <ron at savage.net.au>
> Subject: Re: [cgiapp] Announce: Data::Session - A re-write of
> 	CGI::Session
> To: CGI Application <cgiapp at lists.openlib.org>
> Message-ID: <1291577604.17421.83.camel at localhost.localdomain>
> Content-Type: text/plain
>
> Hi
>
> On Sun, 2010-12-05 at 15:53 +0000, Larig Tech wrote:
>   
>> Hi Ron,
>> Given the cost to the coder of switching to a different sessions
>> implementation,
>> and the cost to the community of having a separate sessions package, is
>> there
>> any discourse on the benefits of adopting Data::Session?  At the moment
>> you've
>> left me only seeing costs.
>>     
>
> I'm not ordering anyone to switch. Everyone can freely choose to stay with CGI::Session or move.
>
>   
>> After some digging I found "See
>> Data::Session::CGISession<http://search.cpan.org/~rsavage/Data-Session-1.01/lib/Data/Session/CGISession.pm>for
>> an extended
>> discussion of the design changes between
>> Data::Session<http://search.cpan.org/~rsavage/Data-Session-1.01/lib/Data/Session.pm>and
>> CGI::Session <http://search.cpan.org/perldoc?CGI%3A%3ASession>."
>> But again, that just reinforces the costs and none of the benefits; there
>> must
>> be some or you wouldn't have gone to all that effort.  If it's a redesign
>> then I'd
>> expect some examples illustrating what I can do with your package that I
>> can't do with the two market leaders.
>>     
>
> Data::Session is not designed to provide bells and whistles unavailable
> with CGI::Session. It's designed with 2 things in mind:
>
> o To provide an almost identical interface, to minimise transition costs
>
> o To be supported
>
> Have you missed the recent traffic on this subject? At the risk of
> repeating myself, I'll include here the body of an off-list reply I
> typed up minutes ago:
>
> ###################################################################
> It's been born of several years frustration....
>
> o I write almost all the patches for CGI::Session
>
> o And have done for several years (since 2006)
>
> o The original author Sherzod Ruzmetov has dropped out of the Perl scene
>
> o The current maintainer is Mark Stosberg
>
> o He refuses to let me be co-maintainer of the module
>
> o Meaning I can't release patches
>
> o The last release by him is V 4.42 in August 2009 (sic)
>
> o Since then I've made many patches [1] (up to V 4.45), but these are
> locked up in the repository:
>
> http://github.com/cromedome/cgi-session/tree/master
>
> o Off-list msgs to me have revealed deep disquiet and frustration over
> Mark's handling of a number of projects, including CGI::Session
>
> o I have plenty of time available to re-do the code
>
> o Both modules are Open Source...
>
> [1] Here are those patches:
>
> 4.45 - Thursday, February 4, 2010
> * FIX: Make tests use 't/', or a temp dir, for temp files, not '.'.
> * NEW: RT#51191. Update store() in CGI::Session::Driver::DBI,
> CGI::Session::Driver::db_file,
> 	CGI::Session::Driver::file, CGI::Session::Driver::mysql and
> CGI::Session::Driver::postgresql
> 	to accept a 4th parameter, $etime.
> 	Patch CGI::Session to pass this parameter to the storage mechanism
> called within flush().
> 	Note: The code shipped in this module does not yet make any use of this
> parameter.
> 	Thanx to Pavel V. Rochnyack.
> * NEW: Call query->can('cookie') before trying to call query->cookie().
> 	This means the query object does not have to have a cookie() method.
> 	Add corresponding test t/cookie.free.t.
> * NEW: Add {query_class => 'Some::Class'} to the \%session_params in the
> calls to new() and load().
> 	This determines what class other than CGI is 'require'd in the query()
> method.
> 	The default ('CGI') is to 'require' CGI, as always.
> * FIX: Fix a bug in parameter validation in load(). This required a
> corresponding patch to t/load.t.
> * FIX: Rewrite the part of the POD which discusses UTF8.
> * FIX: RT#51192. In load(), check the existence of SESSION_EXPIRE_LIST
> before building
> 	the list of expired paramters. Thanx to Pavel V. Rochnyack.
> * INTERNAL: Add _set_value(), to avoid setting the modified
> 	flag when a value being stored into the object is the same as the
> current value.
> 	Note: All objects loaded via a call to load() - either from within the
> object or by the user -
> 	have their access time set, and hence have the modified flag set. This
> in turn means all such
> 	object are written to disk by flush(). This default behaviour has not
> changed.
> * INTERNAL: Re-write the DESTROY() method, and its docs.
> * INTERNAL: Re-write the the query() method, and its docs.
> * INTERNAL: Re-write the the name() method slightly, and its docs.
> * INTERNAL: Fix: RT#50232. Add these files: MANIFEST, META.yml,
> MYMETA.yml. Thanx to Lawrence L. Gilbert.
> * INTERNAL: Re-work docs (just for CGI::Session) to fix many broken POD
> links.
> * INTERNAL: Patch t/session_param_undef.t to use a temporary directory.
> * INTERNAL: Patch t/bug24285.t and t/flush.t to delete their working
> directory.
> * INTERNAL: Patch t/g4_sqlite_storable.t and t/g4_storable.t to use a
> temporary directory.
>
> 4.44 - Tuesday, September 8, 2009
> * Note: Not uploaded to CPAN.
> * Add sub _report_status() to display the status flags within the
> object. Used for debugging.
> * Change the parameters to load() so that the 4th parameter is always a
> hashref (or undef). In the past
>        it could be a scalar, but this scalar was undocumented.
> * Add a note under load() to explain the previously undocumented 4th
> parameter to load(), which
>        was a scalar only used internally. Explain that now the 4th
> parameter to load() must be a hashref (or undef).
> * Add a note under load() about usage of the global variable
> $CGI::Session::IP_MATCH, and how it can be
>        set with    use CGI::Session qw/ip_match/.    This was previously
> only documented in the POD
>        for CGI::Session::Tutorial.
> * FIX: RT#47795. Fix load() whereby find() can now call load() when
> $CGI::Session::IP_MATCH is set, and
>        sessions are not deleted just because their IP addresses do not
> match the client.
> * Add t/find_ip_matches.t to demonstrate the new behaviour when find()
> calls load(). The new behaviour
>        is that calling find(), which calls load(), with
> $CGI::Session::IP_MATCH set to 1, does not
>        delete the sessions whose IP addresses do not match the client's
> IP address.
>
> 4.43 - Monday, August 31, 2009
> * Note: Not uploaded to CPAN.
> * FIX: RT#48733. Avoid calling sprintf() in CGI::Session::ErrorHandler,
>        to solve taint error for Perl V 5.10.0. All well-written code
> will have
>        been using errstr() to retrieve errors anyway, so this change
> will not
>        affect any code which obeys the API. (Peter Kaminsk, Ron Savage,
> Mark Stosberg)
> * FIX: CGI::Session::Serialize::freezethaw: Change the VERSION line
> syntax to match the other modules.
> * FIX: CGI::Session::Driver::db_file: Ditto.
> * FIX: CGI::Session::Test::Default (Embedded packages): Ditto.
> * FIX: Make the version number the same in all modules.
> * FIX: POD to refer to new (git) repository
> * FIX: Update Changelog.ini
> ###################################################################
>
>   



More information about the cgiapp mailing list