Hi,
Catalyst::Plugin::Session documents the following behavior:
"To let these users access your site you can either disable address
verification as a whole, or provide a checkbox in the login dialog that
tells the server that it's OK for the address of the client to change.
When the server sees that this box is checked it should delete the
__address special key from the session hash when the hash is first created."
The code, however, shows a different behavior:
if ( $c->_session_plugin_config->{verify_address}
&& $session_data->{__address} ne $c->request->address )
{
$c->log->warn(
"Deleting session $sid due to address mismatch ("
. $session_data->{__address} . " != "
. $c->request->address . ")"
);
$c->delete_session("address mismatch");
return;
}
A patch with test I added. Looking forward to your feedback.
Jens
Index: t/lib/SessionTestApp.pm
===================================================================
--- t/lib/SessionTestApp.pm (Revision 14028)
+++ t/lib/SessionTestApp.pm (Arbeitskopie)
@@ -9,6 +9,10 @@
__PACKAGE__->config('Plugin::Session' => {
# needed for live_verify_user_agent.t; should be harmless for other tests
verify_user_agent => 1,
+
+ # need for live_verify_address.t; should be harmless for other tests
+ verify_address => 1,
+
});
__PACKAGE__->setup;
Index: t/lib/SessionTestApp/Controller/Root.pm
===================================================================
--- t/lib/SessionTestApp/Controller/Root.pm (Revision 14028)
+++ t/lib/SessionTestApp/Controller/Root.pm (Arbeitskopie)
@@ -13,6 +13,14 @@
$c->res->output("logged in");
}
+sub login_without_address : Global {
+ my ( $self, $c ) = @_;
+ $c->session;
+ $c->log->debug($c->request->address);
+ delete $c->session->{__address};
+ $c->res->output("logged in (without address)");
+}
+
sub logout : Global {
my ( $self, $c ) = @_;
$c->res->output(
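Review bot: In `login_without_address`, the bare `$c->session;` statement and the `$c->log->debug($c->request->address);` line carry no explanation, and the debug call looks like leftover tracing. If the first call is there to force session creation before the key is removed (not confirmable from this hunk), a comment would say so, e.g. `# create the session first, then waive address verification for it`. I would drop the debug line, or keep it with a comment saying why the test app logs the client address. `sub logout` at the end of the hunk continues outside it.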
Index: t/live_verify_address.t
===================================================================
--- t/live_verify_address.t (Revision 0)
+++ t/live_verify_address.t (Revision 0)
@@ -0,0 +1,59 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Test::More;
+
+BEGIN {
+ eval { require Catalyst::Plugin::Session::State::Cookie;
Catalyst::Plugin::Session::State::Cookie->VERSION(0.03) }
+ or plan skip_all =>
+ "Catalyst::Plugin::Session::State::Cookie 0.03 or higher is required for
this test";
+
+ eval {
+ require Test::WWW::Mechanize::Catalyst;
+ Test::WWW::Mechanize::Catalyst->VERSION(0.51);
+ }
+ or plan skip_all =>
+ 'Test::WWW::Mechanize::Catalyst >= 0.51 is required for this test';
+
+ plan tests => 12;
+}
+
+use lib "t/lib";
+use Test::WWW::Mechanize::Catalyst "SessionTestApp";
+
+# Test without delete __address
+local $ENV{REMOTE_ADDR} = "192.168.1.1";
+
+my $ua = Test::WWW::Mechanize::Catalyst->new( {} );
+$ua->get_ok( "http://localhost/login" );
+$ua->content_contains('logged in');
+
+$ua->get_ok( "http://localhost/set_session_variable/logged/in" );
+$ua->content_contains('session variable set');
+
+
+# Change Client
+local $ENV{REMOTE_ADDR} = "192.168.1.2";
+
+$ua->get_ok( "http://localhost/get_session_variable/logged");
+$ua->content_contains('VAR_logged=n.a.');
+
+# Inital Client
+local $ENV{REMOTE_ADDR} = "192.168.1.1";
+
+$ua->get_ok( "http://localhost/login_without_address" );
+$ua->content_contains('logged in (without address)');
+
+$ua->get_ok( "http://localhost/set_session_variable/logged/in" );
+$ua->content_contains('session variable set');
+
+# Change Client
+local $ENV{REMOTE_ADDR} = "192.168.1.2";
+
+$ua->get_ok( "http://localhost/get_session_variable/logged" );
+$ua->content_contains('VAR_logged=in');
+
+
+
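Review bot: Two lines of this new file were wrapped in transit, so the hunk will not apply as posted: the continuation `Catalyst::Plugin::Session::State::Cookie->VERSION(0.03) }` and the tail of the `skip_all` message (`this test";`) have no leading `+` in a hunk declared as `@@ -0,0 +1,59 @@`. The wrapped `skip_all` string would also put a literal newline inside the message. Please resend the patch as an attachment or with wrapping disabled. The plan of 12 matches the six `get_ok` and six `content_contains` calls visible here.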
Index: lib/Catalyst/Plugin/Session.pm
===================================================================
--- lib/Catalyst/Plugin/Session.pm (Revision 14028)
+++ lib/Catalyst/Plugin/Session.pm (Arbeitskopie)
@@ -225,6 +225,7 @@
no warnings 'uninitialized'; # ne __address
if ( $c->_session_plugin_config->{verify_address}
+ && exists $session_data->{__address}
&& $session_data->{__address} ne $c->request->address )
{
$c->log->warn(
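Review bot: The added `&& exists $session_data->{__address}` turns the address check from fail-closed to fail-open. Before, a session without `__address` compared undef against `$c->request->address` and was deleted; now any session lacking the key skips verification entirely. That matches the documented opt-out, but it also exempts sessions that lack the key for any other reason, presumably including ones created while `verify_address` was off (not visible in this hunk). I would document the contract above the condition, e.g. `# a missing __address means the application waived address verification for this session`, and check whether `no warnings 'uninitialized'; # ne __address` is still needed. The enclosing block starts and ends outside the hunk.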