[Cgi-session-user] ip_match + find problem
Brought to you by:
sherzodr
Menu
▾
▴
[Cgi-session-user] ip_match + find problem
|
From: Ryley B. <rbr...@pr...> - 2006-04-25 19:26:20
|
Hi, I have some code that checks all sessions for certain variables on a regular basis. The code uses CGI::Session::find to get each session and check some of the data (perfectly normal, I'm sure). The issue that comes up is that I also use ip_match for security. Since CGI::Session::find calls CGI::Session::load, which then checks that the IP in the session matches the callers remote IP, and it ends up deleting every session that isn't from the same IP as the caller. One solution I see is to just disable CGI::Session::IP_MATCH before I call find, and then enable it afterwards... But it seems somewhat inelegant. Something that would require more work might be to have find and load share some code that does the thawing of the session data, or possibly change load to work differently if it's called from find, but I don't really know enough about this module yet to say for sure. Since I'm using the DBI Driver, I also see an opportunity here to pull down all the session data at once from the database, rather than doing one call per session. Please CC me on any replies, as I'm not subscribed to this list. Regards, Ryley Breiddal PresiNET Systems |
