Clever Geek Handbook

The session doesn't end at Mojolicious

I have a Mojolicious app and a bridge for authentication. This is my scenario:
I have a set of standard error responses in the database that I query by passing in a value, say, returning a 404 with a detailed error response. The database will have general information corresponding to the error, while other user-specific details like ip and username are obtained from the controller. Please see this linkhow the error response is generated. I have a helper that gets a controller instance and an error code to generate the required response. I am using a controller object to query a db through a table result set containing an error response. Through the controller, I also get the user data I need to create the response. A response is then generated and sent back to the controller, which is then returned as Json.
My problem is logging out, I am setting $self->session(expires => 1)

, which invalidates the session. When I try to log out again, I use a controller to access the error response satellite assembly and send it to the client. Now, any attempt to access any of the URIs becomes useless for the first try with the next check.

unless($self->session('user')) {
    my $res = Controller::Helper->error_res($self, 403);
    $self->render_json($res, status => $res->{httpstatuscode});
    return;
    }

This check works for the first time, but when I try to access the resource again (as many times as I want), this check fails and the resource is accessed without logging in. When I look at the cookie, a new cookie is created. Where am I wrong here? And what would be the best way to deal with such problems? The helper function looks like this:

error_res{ 
    my($self,$c,$res) = @_; 
    my @arref = $c->db->resultset('Errorcode')->select_row($res);
    my $ref=$arref[0];
    $ref->{user}=$c->session->{user}->{name};
    $ref->{request}=$c->req->method."".join("\\",$c->req->url->path);
    $ref->{time}=scalar localtime();
    return $ref;
}

Where res

there is an id in the database that identifies a specific error.

So, this is because the controller is still available in the helper? When I don't help $c

in the helper, it doesn't help.
Edit 1: I missed some point here and is this the correct way?
Edit 2: I am unable to log out the user on logout. When the user tries to log out again, I return an error with additional error information. But creating more error information creates a new session without user information. This will not happen if I do the following

unless($self->session('user')) {
    $self->render_json("message:User has not logged in", status => 403);
    return;
}
+3


source to share


2 answers


So I figured out the answer, the odd behavior was caused by the autovivification function in perl. This is due to the dynamic creation of data structures. In my case, I am trying to get the username via the session cookie in

$ref->{user}=$c->session->{user}->{name};


When the user is not logged in, the key is user

not set in the session, but I am trying to get name

through this key when generating an error response. This results in the creation of user

no value. Checking if the key exists user

solved the problem.

+3


source


After reading the comments, I'm sure the framework behaves as expected. You may need to change the logic of the application (as shown in revision 2).

The reason is that the session is just a hashref, serialized JSON, signed and stored in a cookie. If you create a key, then it's there. I don't know what else to tell you.



And yes, a new session file is created immediately after the previous one expires. This is necessary for the structure and is fully expected.

+1


source






More articles:


All Articles