summaryrefslogtreecommitdiff
path: root/rt/html/Elements/SetupSessionCookie
diff options
context:
space:
mode:
Diffstat (limited to 'rt/html/Elements/SetupSessionCookie')
-rw-r--r--rt/html/Elements/SetupSessionCookie126
1 files changed, 68 insertions, 58 deletions
diff --git a/rt/html/Elements/SetupSessionCookie b/rt/html/Elements/SetupSessionCookie
index bd7861355..087f8250e 100644
--- a/rt/html/Elements/SetupSessionCookie
+++ b/rt/html/Elements/SetupSessionCookie
@@ -2,7 +2,7 @@
%#
%# COPYRIGHT:
%#
-%# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
%# <jesse@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
@@ -22,7 +22,9 @@
%#
%# You should have received a copy of the GNU General Public License
%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/copyleft/gpl.html.
%#
%#
%# CONTRIBUTION SUBMISSION POLICY:
@@ -46,69 +48,77 @@
<%init>
return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook
-my %cookies = CGI::Cookie->fetch();
-my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};
-my %backends = (
- mysql => 'Apache::Session::MySQL',
- Pg => 'Apache::Session::Postgres',
-# Oracle => 'Apache::Session::Oracle',
-) unless $RT::WebSessionClass;
-my $session_class = $RT::WebSessionClass || $backends{$RT::DatabaseType} || 'Apache::Session::File';
-my $pm = "$session_class.pm"; $pm =~ s|::|/|g; require $pm;
+my %cookies = CGI::Cookie->fetch();
+my $cookiename = "RT_SID_" . $RT::rtname . "." . $ENV{'SERVER_PORT'};
+$SessionCookie ||= $cookies{$cookiename} ? $cookies{$cookiename}->value : undef;
- # morning bug avoidance attempt -- pdh 20030815
- unless ($RT::Handle->dbh && $RT::Handle->dbh->ping) {
- $RT::Handle->Connect();
- }
+my %backends = (
+ mysql => 'Apache::Session::MySQL',
+ Pg => 'Apache::Session::Postgres',
+
+ # Oracle => 'Apache::Session::Oracle',
+);
+
+my $session_class = $RT::WebSessionClass
+ || $backends{$RT::DatabaseType}
+ || 'Apache::Session::File';
+my $pm = "$session_class.pm";
+$pm =~ s|::|/|g;
+require $pm;
+
+# morning bug avoidance attempt -- pdh 20030815
+unless ( $RT::Handle->dbh && $RT::Handle->dbh->ping ) {
+ $RT::Handle->Connect();
+}
+
+my $session_properties;
+if ( $session_class eq 'Apache::Session::File' ) {
+ $session_properties = {
+ Directory => $RT::MasonSessionDir,
+ LockDirectory => $RT::MasonSessionDir,
+ };
+} else {
+ $session_properties = {
+ Handle => $RT::Handle->dbh,
+ LockHandle => $RT::Handle->dbh,
+ };
+}
+
+eval {
+ tie %session, $session_class, $SessionCookie, $session_properties
+};
+if ($@) {
+
+ # If the session is invalid, create a new session.
eval {
- tie %session, $session_class,
- $SessionCookie || ( $cookies{$cookiename} ? $cookies{$cookiename}->value() : undef ),
- $backends{$RT::DatabaseType} ? {
- Handle => $RT::Handle->dbh,
- LockHandle => $RT::Handle->dbh,
- } : {
- Directory => $RT::MasonSessionDir,
- LockDirectory => $RT::MasonSessionDir,
- };
+ tie %session, $session_class, undef, $session_properties;
+ undef $cookies{$cookiename};
};
- if ($@) {
+}
- # If the session is invalid, create a new session.
- if ( $@ =~ /Object does not/i ) {
- tie %session, $session_class, undef, $backends{$RT::DatabaseType}
- ? {
- Handle => $RT::Handle->dbh,
- LockHandle => $RT::Handle->dbh,
- }
- : {
- Directory => $RT::MasonSessionDir,
- LockDirectory => $RT::MasonSessionDir,
- };
- undef $cookies{$cookiename};
- }
- else {
- die loc("RT couldn't store your session.") . "\n"
- . loc(
-"This may mean that that the directory '[_1]' isn't writable or a database table is missing or corrupt.",
- $RT::MasonSessionDir
- )
- . "\n\n"
- . $@;
- }
- }
+if ($@) {
+ die loc("RT couldn't store your session.") . "\n"
+ . loc(
+ "This may mean that that the directory '[_1]' isn't writable or a database table is missing or corrupt.",
+ $RT::MasonSessionDir
+ )
+ . "\n\n"
+ . $@;
+}
- if ( !$cookies{$cookiename} ) {
- my $cookie = new CGI::Cookie(
- -name => $cookiename,
- -value => $session{_session_id},
- -path => '/',
- );
- $r->headers_out->{'Set-Cookie'} = $cookie->as_string;
+if ( !$cookies{$cookiename} ) {
+ my $cookie = new CGI::Cookie(
+ -name => $cookiename,
+ -value => $session{_session_id},
+ -path => $RT::WebPath,
+ -secure => ($RT::WebSecureCookies ? 1 :0)
+ );
+ $r->headers_out->{'Set-Cookie'} = $cookie->as_string;
- }
+}
- return();
+return ();
</%init>
<%args>
-$SessionCookie => ''
+$SessionCookie => undef
</%args>