Home/ Questions/Q 9170903
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T16:05:28+00:00

I have a Mojolicious application and a bridge for authentication. This is my scenario:

  • 0

I have a Mojolicious application and a bridge for authentication. This is my scenario:

I have a set of standard error response in the database which I query by passing in a value, say, return a 404 with a detailed error response. The database would have common details the correspond to the error while other user specific details such as ip and user name is obtained from the controller. Kindly have a look at this link on how the error response is built.
I have a helper which gets an instance of the controller and error code to generate the required response. I use the controller object to query the db through the resultset of the table that contains the error response. Through the controller I also get the user specific details required to create the response. The response is then created, sent back to the controller which is then returned as a Json.

My problem is on log out, I set $self->session(expires => 1) which invalidates the session. On an attempt to logout again, I use the controller to access the helper build an error response and send it to the client. Now any attempt to access any of the URI is made futile for the first attempt by the following check.

unless($self->session('user')) {
    my $res = Controller::Helper->error_res($self, 403);
    $self->render_json($res, status => $res->{httpstatuscode});
    return;
    }

This check works for the first time, but when I try to access the resource again(any number of times), this check fails and the resource is accessed without login. When i look at the cookie a new cookie is created. Where am I going wrong here? And what would be the best way to handle such issues?
The helper function looks like this 

error_res{ 
    my($self,$c,$res) = @_; 
    my @arref = $c->db->resultset('Errorcode')->select_row($res);
    my $ref=$arref[0];
    $ref->{user}=$c->session->{user}->{name};
    $ref->{request}=$c->req->method."".join("\\",$c->req->url->path);
    $ref->{time}=scalar localtime();
    return $ref;
}

Where res is and id in the database that would identify the particular error.

So, is it to do with reference of controller still being available in the helper? When I undef $c in helper it does not help.

Edit 1: Am I missing some point here and is this the right way?

Edit 2: I invalidate the user on logout. When the user tries to logout again I return an error with additional information about the error. But while creating the additional information about the error, a new session is created with no user info. This does not happen if I do the following 

unless($self->session('user')) {
    $self->render_json("message:User has not logged in", status => 403);
    return;
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So I figured out the answer, the odd behavior was due do the autovivification feature of perl. It involves dynamic creation of data structures. In my case, I try to get the name of the user through the session cookie at 

    $ref->{user}=$c->session->{user}->{name};

    When the user is not logged in, user key is not set in the session but I try to get name through this key when creating the error response. This results in the creation of user with no value. A check on if the user key exists solved the issue.

    • 0