[Cgi-session-user] Updates
Brought to you by:
sherzodr
Menu
▾
▴
[Cgi-session-user] Updates
|
From: Matt L. <mle...@cp...> - 2006-06-09 20:04:47
|
Dear merry CGI::Session users, Fixes are currently in SVN to address bugs 18912, 18873, and 18442 (bugs listed at http://rt.cpan.org/Public/Dist/Display.html?Name=CGI-Session) 18912 gets fixed by returning $val when called as $s->param($key,$val). For the case of $s->param($key,$val,$key2,$val2), it still returns a true value. 18873 just does some untainting. I'm somewhat surprised this was never an issue for anyone. I guess not many people use taint and set the dsn from a config file? 18442 will probably be the one that needs discussion. I have created a _load method that does everything that load does except it doesn't change the access time (off of which expiration is determined) nor does it mark the session as modified. If any parameters are expired, they will not be available in the session. The bugfix alters find to use the new _load instead of load. The bug report informs us that if the cron job runs at an interval less than the expiration time, sessions will never expire. By changing find over to use _load, the user is the only one who changes the access time and thus our sessions will expire because of the user's browsing habits and not our attempts at managing the sessions. If there are no objections, I recommend a release. Thanks, Matt LeBlanc |
