make test fails with C:P:Session:State::Cookie


make test fails with C:P:Session:State::Cookie

by Daniel McBrearty

this is all a brand new install on ubuntu 7, so all deps should be
most recent off my mirror. any ideas?



root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Catalyst::Plugin::Session::State::Cookie
root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07# make
cp lib/Catalyst/Plugin/Session/State/Cookie.pm
blib/lib/Catalyst/Plugin/Session/State/Cookie.pm
Manifying blib/man3/Catalyst::Plugin::Session::State::Cookie.3pm
root@ubuntu7-vm:~/.cpan/build/Catalyst-Plugin-Session-State-Cookie-0.07#
make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01use............ok
t/02pod............skipped
        all skipped: set TEST_POD to enable this test
t/03podcoverage....skipped
        all skipped: Test::Pod::Coverage 1.04 required
t/basic............ok
t/live_app.........ok 1/0
#   Failed test 'cookie expiration was extended'
#   at t/live_app.t line 72.
#     '1189038714'
#         <
#     '1189038714'
t/live_app.........NOK 9# Looks like you failed 1 test of 11.
t/live_app.........dubious
        Test returned status 1 (wstat 256, 0x100)
DIED. FAILED test 9
        Failed 1/11 tests, 90.91% okay
Failed Test  Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
t/live_app.t    1   256    11    1   9.09%  9
2 tests skipped.
Failed 1/5 test scripts, 80.00% okay. 1/25 subtests failed, 96.00% okay.
make: *** [test_dynamic] Error 1




root@ubuntu7-vm:~# perl -V
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.15.7, archname=i486-linux-gnu-thread-multi
    uname='linux rothera 2.6.15.7 #1 smp sat sep 30 10:21:42 utc 2006
i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
-Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr
-Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
-Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
-Dsitelib=/usr/local/share/perl/5.8.8
-Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
-Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm
-Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN
-fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.1.2 (Ubuntu 4.1.2-0ubuntu4)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
    gnulibc_version='2.5'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
                        PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
                        USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Mar  6 2007 01:40:14
  @INC:
    /etc/perl
    /usr/local/lib/perl/5.8.8
    /usr/local/share/perl/5.8.8
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8
    /usr/share/perl/5.8
    /usr/local/lib/site_perl
    .
root@ubuntu7-vm:~#

_______________________________________________
List: Catalyst@...
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@.../
Dev site: http://dev.catalyst.perl.org/

Re: make test fails with C:P:Session:State::Cookie

by Daniel McBrearty

I just forwarded this to Yuval.




--
Daniel McBrearty
email : danielmcbrearty at gmail.com
http://www.engoi.com
http://danmcb.vox.com
http://danmcb.blogger.com
find me on linkedin and facebook
BTW : 0873928131


Re: make test fails with C:P:Session:State::Cookie

by Daniel McBrearty

ok, i searched the list but stupidly didn't look at cpan bugtracker
... it is a reported bug. in fact there seem to be several issues with
the live_app.t in 0.07

what's the implication? sessions will time out even though the user
has revisited?

as i have nothing better to do, and need this sorted, i'll have a dig
in the source. chance to see how some of this stuff works underneath.
if anyone has any pointers or has been here already, that is always
interesting.

who knows i might actually get someplace :-)




Re: make test fails with C:P:Session:State::Cookie

by Emanuele Zeppieri

Daniel McBrearty wrote:

> ok, i searched the list but stupidly didn't look at cpan bugtracker
> ... it is a reported bug. in fact there seem to be several issues with
> the live_app.t in 0.07
>
> what's the implication? sessions will time out even though the user
> has revisited?

Exactly (because the cookie expire time is not updated, despite the
accesses - so you have a fixed-duration session).

This is the documented behaviour though:
http://search.cpan.org/~nuffin/Catalyst-Plugin-Session-0.18/lib/Catalyst/Plugin/Session.pm#METHODS

(see: session_expires $reset)

But then we have another problem (or two):

first, the session_expires method really does not take any argument (any
argument passed to it is simply ignored - have a look at the source).
This may seem at first only a documentation bug, but it implies that any
time you call session_expires(), even with no arguments (for example
only to get the session expire time), you have this undocumented
side-effect which extends the session duration.

Second, for fixed duration sessions, the session expiration control
relies solely on the presence of the cookie sent by the browser: so a
user can turn a fixed duration session into an extended session simply
by editing the cookie expire time (this is a security bug IMO).

I've got a fix for these problems, which basically just restores what
the docs have always said (so it should break no existing code) and it
also eliminates the security bug, but I'm waiting for the author to see
if he approves that approach or if he prefers to get rid of the fixed
duration sessions at all and have only extended sessions by default (as
the mentioned live_app.t test seems to imply).

(Actually, the current code seems to be half-way between these two
choices, so to say...)

Anyway, if you have time, any further research would be interesting.

Cheers,
Emanuele.
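
An added illustration of the two points raised in the message above (it is not code from Catalyst::Plugin::Session or from anyone in this thread): expiry enforced from a server-side timestamp instead of from the cookie the browser presents, and an expiry getter that has no side effect. The store, the function names, the TTL and the session id are all hypothetical.

```perl
#!/usr/bin/perl
# Added example; models the behaviour discussed in the thread with
# hypothetical names. It does not use or reproduce the plugin's API.
use strict;
use warnings;

my $TTL = 3600;    # fixed session lifetime in seconds (assumed value)
my %store;         # server-side session store: sid => { expires => epoch }

# Create a session; the returned expiry is what the cookie would carry.
sub create_session {
    my ($sid, $now) = @_;
    $store{$sid} = { expires => $now + $TTL };
    return ($sid, $store{$sid}{expires});
}

# Cookie-only control: the session counts as live whenever the browser
# still presents the id. $now is ignored, so the effective lifetime is
# whatever the client keeps in its cookie jar.
sub valid_cookie_only {
    my ($sid, $now) = @_;
    return exists $store{$sid} ? 1 : 0;
}

# Server-side control: the stored timestamp decides, and an expired
# record is deleted so the id cannot be presented again later.
sub valid_server_side {
    my ($sid, $now) = @_;
    my $s = $store{$sid} or return 0;
    if ($now >= $s->{expires}) {
        delete $store{$sid};
        return 0;
    }
    return 1;
}

# Read-only getter: asking for the expiry must not move it.
sub session_expiry {
    my ($sid) = @_;
    return exists $store{$sid} ? $store{$sid}{expires} : undef;
}

# Extending is a separate, explicit call, so a sliding session is an
# opt-in decision by the application and never a side effect of a read.
sub extend_session {
    my ($sid, $now) = @_;
    my $s = $store{$sid} or return;
    return $s->{expires} = $now + $TTL;
}

# Constructed scenario: the client has edited its cookie's expire time
# and still sends the id two lifetimes after the session was created.
my $t0    = 1_189_038_714;    # constructed start time
my ($sid) = create_session('constructed-sid-0001', $t0);
my $late  = $t0 + 2 * $TTL;

printf "expiry read twice: %d %d\n",
    session_expiry($sid), session_expiry($sid);
printf "cookie-only check at t0+2h: %s\n",
    valid_cookie_only($sid, $late) ? 'accepted' : 'rejected';
printf "server-side check at t0+2h: %s\n",
    valid_server_side($sid, $late) ? 'accepted' : 'rejected';
```

The two reads of the expiry return the same value, the cookie-only check accepts the stale id, and the server-side check rejects it and drops the record.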


Re: make test fails with C:P:Session:State::Cookie

by Daniel McBrearty

Hi Emanuele

thanks for the response. I took a look with the debugger this morning
but didn't have too much time ... you are obviously much further with
this than me.

whatever happens, the code should at least be fixed enough to give
some sensible default behaviour, along with a docs patch, and be able
to get through tests. For my needs, your fix would be fine. If it is
no worse than the previous state of affairs, it should be used IMO

the current situation is that "CPAN Task::Catalyst" DIES because of
this. so it ought to be high priority to at least fix that, IMO

could you post a patch for the solution that you have?

thanks

Daniel


