Re: [Cgi-session-user] Taint problem with CGI::Session
From: David L. <dav...@ya...> - 2006-10-15 12:07:44
A related problem may have been reported on August 23, 2006.

My login.cgi script creates a session file, and the file is normal. Then login.cgi redirects to index.cgi. When index.cgi starts, the session file is normal. Index.cgi updates the session expiration time, but when the script finishes, the session file has nothing in it -- it is a zero-length file.

In addition, I see the following error message in the CGI log file:

[Sun Oct 15 07:57:03 2006] index.cgi: (in cleanup) Can't call method "FETCH" on an undefined value at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Data/Dumper.pm line 106 during global destruction.

I declared "my $session;" at the top of, and outside of all the functions of, my source file.

I have found two work-arounds:

1. Remove taint checking: "#!/usr/bin/perl -w" instead of "#!/usr/bin/perl -wT".

2. Add a call to "$session->flush();" after "$session->expire($Conf::session_expiration_seconds);"

My server is running Fedora 5, perl v5.8.8 built for i386-linux-thread-multi, and I am using CGI::Session 3.95. All the CGI scripts run under SSL (https).