create new tag
, view all tags

Around 28 Sept 2004, SessionPlugin was replaced by the impementation of SmartSessionPlugin.

Old SessionPlugin Dev feedback

Rewrite by Ted Pavlic

I completely rewrote SessionPlugin. My version uses CGI::Session (I could have used Apache::Session or PHP::Session; I picked CGI::Session since it "sounded" the most platform independent) and thus is quite a bit cleaner and less code. Oh, and I'm saving session files to '/tmp', but this is an arbitrary decision. Most '/tmp' get cleaned out at a reasonable interval (and only trash the old files), so it's a pretty safe bet that '/tmp' will probably be OK.

But that's not the only thing. I've changed how a number of things are organized so that now there is no need to have a logon script. I still support both the logon script and the stickskin stuff, but once the user has logged on via an authenticated page, the session automatically gets updated with the user's authenticated name and stays authenticated until the user closes his or her browser. This fixes a number of problems addressed in TWiki:Codev/BetterThandoRememberRemoteUser and TWiki:Codev/ImproveViewAuthentication.

For the moment, I'll attach here my updated SessionPlugin. However, I'm not ready to release it as a full-blown plugin just yet. I want to add one more configurable feature that will automagically scan through every link being sent to the user and will add:


for those users who do not have cookies available to them.

I really think this is an improvement on the older design. Any thoughts?

-- TedPavlic - 16 Jul 2003

The rewrite is almost complete. All of the old features of SessionPlugin are completely incorporated along with some new configuration options.

Check out the new documentation and implementation at SmartSessionPlugin. Note that the plugin is still called SessionPlugin since that name is hard coded into Beijing TWiki.

Hopefully in the next couple of days I'll finish the transparent session ID feature which will relieve the plugin from even needing cookies to operate (think PHP sessions).

Remember that the main purpose of this rewrite was to provide a clean way a plugin could solve all of the TWiki:Codev/ImproveViewAuthentication and TWiki:Codev/BetterThandoRememberRemoteUser type problems. It does that in its current form.

I look forward to feedback. (SmartSessionPluginDev also exists for feedback)

-- TedPavlic - 17 Jul 2003

The first real "release" of SmartSessionPlugin is available at SmartSessionPlugin. This version 2.102 fixes a number of bugs in the beta releases and finalizes some features. This should be a good replacement to SessionPlugin.

-- TedPavlic - 17 Aug 2003

Can you make it write something in the warning.txt in the event that CGI::Session is not installed? Thanks.

-- MartinCleaver - 23 Oct 2003

Any reason why this cannot be overwritten with SmartSessionPlugin for Cairo? If I hear no objections I'll do this by Wednesday.

-- MartinCleaver - 19 Jul 2004

Initialisation problems in old version

Please note that the problem 'Use of uninitialized value in string ne' reported below can have VERY SERIOUS consequences. On my system this causes a cron script running the bin/mailnotify script to effectively call...

chmod a+rwx /

...hence breaking sendmail (which will not accept world writeable directories for its config files), and further threatening system security. Thanks to JohnRouillard for reporting it, and to all the others for establishing patches. Sorry for promoting the date order of this comment, but it seems important enough for people not to miss.

-- CefnHoile - 22 Jul 2003

Has anybody else had a problem with the session plugin and skin selection? I have the SKIN variable set to tiger. I have SKINS set to tiger,plain,blue. I can start with the tiger skin. If I go to edit a page, I get the default skin despite there being an edit.tiger.tmpl available. I have failed in my efforts to debug the code as the writeDebug call appears to not be working properly.

I am using: Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.6 OpenSSL/0.9.5a mod_perl/1.24

I have mod_perl enabled.

I also get this message in the error_log:

null: Use of uninitialized value in
  string ne at ../lib/TWiki/Plugins/SessionPlugin.pm line 171.

I have tried putting in print and writeDebug statements to no avail. The line in question is marked below:

sub setSessionValueHandler
    my( $key, $value ) = @_;
    if( $sessionInfo{$key} ne $value ) {   # <-- line 171
        $sessionInfo{$key} = $value;
    return 1;

I have enabled debugging, and looked at the session file and they seem to have the right data in them. However if I choose attach file or edit from the tigerskin interface, I get the default interface and not the tigerskin.

Debug output from clicking on the edit button shows:

08 Dec 2001 - 02:04 - TWiki::Plugins::SessionPlugin sessionId from cookie = 1007794708-680998
08 Dec 2001 - 02:04 - TWiki::Plugins::SessionPlugin::initPlugin( TWiki.SessionPlugin ) is OK
08 Dec 2001 - 02:04 - TWiki::Plugins::TablePlugin::initPlugin( TWiki.SessionPlugin ) is OK
08 Dec 2001 - 02:04 - TWiki::Plugins::TigerSkinPlugin::initPlugin( TWiki.SessionPlugin ) is OK
08 Dec 2001 - 02:04 - TigerSkinPlugin::commonTagsHandler( TWiki.SessionPlugin )
08 Dec 2001 - 02:04 - TigerSkinPlugin::commonTagsHandler( TWiki.SessionPlugin )

The cookie file above only has user information in it, no skin info.

Now what is interesting is the cookie that has the skin in it is an entirely different cookie. Choosing change skin off the pulldown menu uses the proper skin in the debug messages:

08 Dec 2001 - 02:07 - TWiki::Plugins::SessionPlugin sessionId from cookie = 1007790795-405749
08 Dec 2001 - 02:07 - TWiki::Plugins::SessionPlugin::initPlugin( TWiki.SelectSkin ) is OK
08 Dec 2001 - 02:07 - TWiki::Plugins::TablePlugin::initPlugin( TWiki.SelectSkin ) is OK
08 Dec 2001 - 02:07 - TWiki::Plugins::TigerSkinPlugin::initPlugin( TWiki.SelectSkin ) is OK
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )
08 Dec 2001 - 02:07 - TigerSkinPlugin::commonTagsHandler( TWiki.SelectSkin )

Does anybody have any ideas? I assume that somebody must have it operating properly since I have't seen and problems like this posted. If you do haveit operting properly under mod_prel could you follow up to this message.


-- JohnRouillard - 08 Dec 2001

I do have the exact same problem as JohnRouillard. I think it is caused by the command line scripts not having a Query object to pass to TWiki::initialize() resulting in the session plugin not initiatilizing properly.

Has anyone found a fix for this problem? Can someone atleast confirm that other than me and Jogn others are also seeing this problem?

-- AshwinKumar - 24 Jun 2002

Here is my proposal for a fix to JohnRouillard & AshwinKumar's problems. The command line tools, like mailnotify, don't get a valid sessionId. I've taken that into account while trying to fix this. Please bear in mind that Perl is not my native tounge. Apply the patch like this:

www-data@vmlinux.org:~/twiki/lib/TWiki/Plugins$ zcat sessionId-bug-patch.diff.gz | patch -p0

Or use Emacs or do this by hand in some other mysterious fashion that applies to your environment.

-- JoachimNilsson - 16 Sep 2002

Could someone apply my patch of 20 Apr 2002 to this plugin, and upload it as a separate version that will work with BeijingRelease or later? Without this, people are getting a MultipleContentTypeHeaders problem - see that topic for comments, the plugin should really check the plugin API version to know how to output the header.

-- RichardDonkin - 23 Jan 2003

Clean Sessions functionality

From SessionPlugin: Session files are stored in data/.session/, you'll need a cron job to delete old ones.

Why not add to the start / initialization of the skin some code to remove old sessions files?

  • the plugin is called often enough to keep everything pretty clean
  • virtual no impact on performance
  • let the plugin take care of it's temporary data files
  • no need for external housecleaning jobs

-- HansDonner - 25 Sep 2001

Regarding the cluttering of data/.session/:

I've attached a Perl program, cleansessions, that can be placed in bin/ and either executed directly from a command line or called as a CGI from a browser. It deletes all session files that are

  • 0 bytes in length
  • Older than a certain configurable number of seconds, or
  • Obsoleted by newer sessions with the same username

I prefer this method of keeping data/.session/ clean, as it doesn't have to place a load on the WebServer software, and it won't slow the system exponentially as the number of active users increases (n users logging in, causing a built-in cleanup routine to be executed n times, each time processing n files).

-- KirkStrauser - 11 Sep 2002

cleansessions (attached) does not work for me (Feb 03 version). This functionality really ought be built into the next release. How do you clean these out?

-- MartinCleaver - 02 Mar 2004

Topic revision: r1 - 2004-10-03 - MartinCleaver
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.