From: <an...@io...> - 2006-02-01 15:17:08
|
Chris Winters wrote: > Try that change and see what happens. I think I found the problem. I changed the $class->create as you instructed and because it caused the problems to be more visible, we figured out how to replicate the problem. The problem seems to happen in some cases where we do a redirect: Calling CTX->response->redirect calls $self->save_session, which in case of a tied session unties it. When Adapter calls $response->send, the $self->save_session is called again, but now the session is untied and for some reason lacks the _session_id key. Previously this just led to an error being reported (since no session was created by _create_session and it couldn't be sent to the user) but now this results in a new session being created which has no session id and thus the user is kicked out. We fixed this currently by removing the $self->save_session from the redirect-function, but I can't say for sure if it is somehow vital that the session is saved already at that point. You seem to have added the session saving to the redirect function in October 2004, commenting: "OIN-48: always save the session when doing a redirect" Do you happen to remember why you did that change? To me it seems that the session is always saved in the beginning of $response->send and thus the session is always saved even without the call in redirect-function. I also don't know why untie (or something else) removes the _session_id key, but because of that it seems that save_session should not be called twice or we end up in problems since we have already lost our session_id. So.. your insight on the matter would be more than welcome :) - Antti |