[cgiapp] Sessions leaking with FastCGI

Fri Jun 17 00:29:23 EDT 2011

Thanks, Ron.

I am going to try moving my session_config call to prerun from init, since
init does not get called on every page request with FastCGI.

I am also beginning to wonder if mod_perl isn't a more proven alternative.
I was just looking at an old message from Cees Hek in the cgiapp archive
that discusses the different options for using mod_perl.

> Hi Victor

> Looks like no-one replied via the list.

> I'll take a guess, but I don't use FastCGI.

> More below.

> On Thu, 2011-06-16 at 18:50 -0500, Victor Bruno wrote:
> > I have a webapp in cgiapp (Titanium) that I I recently made persistent
with
> > fastcgi.   I am hearing sporadic user reports of sessions "leaking" to
the
> > wrong clients.  A user will login and get presented with the homepage of
a
> > different user who is currently logged in and has a live session.  I
have
> > been taking stabs at what could be causing it and deploying possible
fixes,
> > only to get another report of it happening again.  This problem only
cropped
> > up when I moved to fastcgi. Users are all coming from different IP's so
I am
> > not sure how the CAP:Session could get them mixed up.

> Possibilities:

> o The bug was there all along, but moving to FastCGI exposed it

> o The bug is in FastCGI

> o The bug is in your new code which handles FastCGI

> > I am having a hard time tracking this down. I am using CA:Dispatch,
> > CAP:Session.

> I don't believe this bug is in those modules.

> > My dispatch script looks like this, so I should be getting a fresh CGI
query
> > object on every call with the my $cgi = CGI::Fast -> new(), right?

> I assume so, yes.

> > use lib 'lib';
> > 
> > use strict;
> > 
> >  
> > 
> > use CGI::Application::Dispatch;
> > 
> > use CGI::Fast;
> > 
> > use FCGI::ProcManager;  
> > 
> >  
> > 
> > my($proc_manager) = FCGI::ProcManager -> new({n_processes => 10});
> > 
> > $proc_manager -> pm_manage();
> > 
> >  
> > 
> > while (my $cgi = CGI::Fast -> new() )
> > 
> > {
> > 
> >     $proc_manager -> pm_pre_dispatch();
> > 
> >  
> > 
> >     CGI::Application::Dispatch->dispatch(
> > 
> >     args_to_new => {QUERY => $cgi, PARAMS => { cfg_file => 'myApp.cfg'}
},
> > 
> >     table   => ['logout'
=> {
> > prefix => '', app => 'myApp', rm => 'logout' },
> > 
> >                 ':inst/:app/:rm/:id1?/:id2?/:id3?/:id4?'        => {
prefix
> > => 'myApp::Controller' },
> > 
> >     ],
> > 
> >     );
> > 
> >  
> > 
> >     $proc_manager -> pm_post_dispatch();
> > 
> > }
> > 
> >  
> > 
> > Also, I am wondering about my call to session_config.  I still have that
in
> > cgiapp_init - does that need to move to prerun in a persistent
environment?
> > I did add a $self->session->flush() to my postrun.  Are there other
things
> > that needs to be done differently under fastcgi with CAP Session or
Dispatch
> > or CGI::Fast?

> I don't think moving it would make any difference. I always
> cgiapp_prerun myself.

> -- 
> Ron Savage
> http://savage.net.au/
> Ph: 0421 920 622

#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://lists.openlib.org/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://lists.openlib.org/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################