X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fhtml%2FElements%2FSetupSessionCookie;h=3225c0d8c502cc4f6157991225b625aaddc64f80;hp=7a2ad9ff50e86e70e0f639295091294e77b65fb6;hb=75162bb14b3e38d66617077843f4dfdcaf09d5c4;hpb=289340780927b5bac2c7604d7317c3063c6dd8cc

diff --git a/rt/html/Elements/SetupSessionCookie b/rt/html/Elements/SetupSessionCookie
index 7a2ad9ff5..3225c0d8c 100644
--- a/rt/html/Elements/SetupSessionCookie
+++ b/rt/html/Elements/SetupSessionCookie
@@ -1,8 +1,14 @@
-%# BEGIN LICENSE BLOCK
+%# BEGIN BPS TAGGED BLOCK {{{
 %# 
-%# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
+%# COPYRIGHT:
+%#  
+%# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC 
+%#                                          <jesse@bestpractical.com>
 %# 
-%# (Except where explictly superceded by other copyright notices)
+%# (Except where explicitly superseded by other copyright notices)
+%# 
+%# 
+%# LICENSE:
 %# 
 %# This work is made available to you under the terms of Version 2 of
 %# the GNU General Public License. A copy of that license should have
@@ -14,72 +20,114 @@
 %# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 %# General Public License for more details.
 %# 
-%# Unless otherwise specified, all modifications, corrections or
-%# extensions to this work which alter its source code become the
-%# property of Best Practical Solutions, LLC when submitted for
-%# inclusion in the work.
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%# 
+%# 
+%# CONTRIBUTION SUBMISSION POLICY:
+%# 
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
 %# 
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
 %# 
-%# END LICENSE BLOCK
+%# END BPS TAGGED BLOCK }}}
 <%init>
 return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook
 
-my %cookies = CGI::Cookie->fetch();
-my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};
-my %backends = (
-    mysql	=> 'Apache::Session::MySQL',
-    Pg		=> 'Apache::Session::Postgres',
-#    Oracle	=> 'Apache::Session::Oracle',
-) unless $RT::WebSessionClass;
-my $session_class = $RT::WebSessionClass || $backends{$RT::DatabaseType} || 'Apache::Session::File';
-my $pm = "$session_class.pm"; $pm =~ s|::|/|g; require $pm;
+my %cookies    = CGI::Cookie->fetch();
+my $cookiename = "RT_SID_" . $RT::rtname . "." . $ENV{'SERVER_PORT'};
+$SessionCookie = $cookies{$cookiename} ? $cookies{$cookiename}->value : undef;
 
-    # morning bug avoidance attempt -- pdh 20030815
-    unless ($RT::Handle->dbh && $RT::Handle->dbh->ping) {
-        $RT::Handle->Connect();
-    }
-    eval {
-        tie %session, $session_class,
-          $SessionCookie || ( $cookies{$cookiename} ? $cookies{$cookiename}->value() : undef ),
-          $backends{$RT::DatabaseType} ? {
-            Handle     => $RT::Handle->dbh,
-            LockHandle => $RT::Handle->dbh,
-          } : {
-            Directory     => $RT::MasonSessionDir,
-            LockDirectory => $RT::MasonSessionDir,
-          };
+my %backends   = (
+    mysql => 'Apache::Session::MySQL',
+    Pg    => 'Apache::Session::Postgres',
+
+    #    Oracle	=> 'Apache::Session::Oracle',
+);
+
+my $session_class = $RT::WebSessionClass
+    || $backends{$RT::DatabaseType}
+    || 'Apache::Session::File';
+my $pm = "$session_class.pm";
+$pm =~ s|::|/|g;
+require $pm;
+
+# morning bug avoidance attempt -- pdh 20030815
+unless ( $RT::Handle->dbh && $RT::Handle->dbh->ping ) {
+    $RT::Handle->Connect();
+}
+
+my $session_properties;
+if ( $session_class eq 'Apache::Session::File' ) {
+    $session_properties = {
+        Directory     => $RT::MasonSessionDir,
+        LockDirectory => $RT::MasonSessionDir,
+        Transaction => 1
     };
-    if ($@) {
+} else {
+    $session_properties = {
+        Handle     => $RT::Handle->dbh,
+        LockHandle => $RT::Handle->dbh,
+        Transaction => 1
+    };
+}
+
+eval {
+    tie %session, $session_class, $SessionCookie, $session_properties
+};
+if ($@) {
 
-        # If the session is invalid, create a new session.
-        if ( $@ =~ /Object does not/i ) {
-            tie %session, $session_class, undef,
-	      $backends{$RT::DatabaseType} ? {
-                Handle     => $RT::Handle->dbh,
-                LockHandle => $RT::Handle->dbh,
-              } : {
-                Directory     => $RT::MasonSessionDir,
-                LockDirectory => $RT::MasonSessionDir,
-              };
-            undef $cookies{$cookiename};
-        }
-        else {
-            die "RT Couldn't write to session directory '$RT::MasonSessionDir': $@. Check that this dir ectory's permissions are correct.";
-        }
+    # If the session is invalid, create a new session.
+    eval {
+        tie %session, $session_class, undef, $session_properties;
+        undef $cookies{$cookiename};
+    };
+}
+elsif ( !($session{'CurrentUser'} && $session{'CurrentUser'}->id) ) {
+    eval {
+        undef $cookies{$cookiename};
+        tied(%session)->delete;
+        tie %session, $session_class, undef, $session_properties;
     }
+}
+
+if ($@) {
+    die loc("RT couldn't store your session.") . "\n"
+        . loc(
+        "This may mean that that the directory '[_1]' isn't writable or a database table is missing or corrupt.",
+        $RT::MasonSessionDir
+        )
+        . "\n\n"
+        . $@;
+}
 
-    if ( !$cookies{$cookiename} ) {
-        my $cookie = new CGI::Cookie(
-            -name  => $cookiename,
-            -value => $session{_session_id},
-            -path  => '/',
-        );
-        $r->header_out('Set-Cookie', $cookie->as_string);
+if ( !$cookies{$cookiename} ) {
+    my $cookie = new CGI::Cookie(
+        -name  => $cookiename,
+        -value => $session{_session_id},
+        -path  => $RT::WebPath,
+        -secure => ($RT::WebSecureCookies ? 1 :0)
+    );
+    $r->headers_out->{'Set-Cookie'} = $cookie->as_string;
 
-    } 
+}
 
-    return();
+return ();
 </%init>
 <%args>
-$SessionCookie => ''
+$SessionCookie => undef
 </%args>