[cgiapp] Sessions leaking with FastCGI
Victor Bruno
vicdamone at gmail.com
Thu Jun 16 19:50:17 EDT 2011
I have a webapp in cgiapp (Titanium) that I I recently made persistent with
fastcgi. I am hearing sporadic user reports of sessions "leaking" to the
wrong clients. A user will login and get presented with the homepage of a
different user who is currently logged in and has a live session. I have
been taking stabs at what could be causing it and deploying possible fixes,
only to get another report of it happening again. This problem only cropped
up when I moved to fastcgi. Users are all coming from different IP's so I am
not sure how the CAP:Session could get them mixed up.
I am having a hard time tracking this down. I am using CA:Dispatch,
CAP:Session.
My dispatch script looks like this, so I should be getting a fresh CGI query
object on every call with the my $cgi = CGI::Fast -> new(), right?
use lib 'lib';
use strict;
use CGI::Application::Dispatch;
use CGI::Fast;
use FCGI::ProcManager;
my($proc_manager) = FCGI::ProcManager -> new({n_processes => 10});
$proc_manager -> pm_manage();
while (my $cgi = CGI::Fast -> new() )
{
$proc_manager -> pm_pre_dispatch();
CGI::Application::Dispatch->dispatch(
args_to_new => {QUERY => $cgi, PARAMS => { cfg_file => 'myApp.cfg'} },
table => ['logout' => {
prefix => '', app => 'myApp', rm => 'logout' },
':inst/:app/:rm/:id1?/:id2?/:id3?/:id4?' => { prefix
=> 'myApp::Controller' },
],
);
$proc_manager -> pm_post_dispatch();
}
Also, I am wondering about my call to session_config. I still have that in
cgiapp_init - does that need to move to prerun in a persistent environment?
I did add a $self->session->flush() to my postrun. Are there other things
that needs to be done differently under fastcgi with CAP Session or Dispatch
or CGI::Fast?
Victor
More information about the cgiapp
mailing list