[Koha-bugs] [Bug 29942] New: Spurious commit in mysql session storage

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Jan 25 16:08:38 CET 2022 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29942

            Bug ID: 29942
           Summary: Spurious commit in mysql session storage
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Database
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: andreas.jonsson at kreablo.se
        QA Contact: testopia at bugs.koha-community.org

The DBI storage driver for CGI::Session
commits any on-going transactions in its destructor subroutine.

Consequently if SessionStorage is set to mysql, instantiating a
session and assigning it to a local variable inside a transaction will
unexpectedly cause the transaction to be committed as illustrated by
the below script.

I have reported this issue upstream and created pull requests but it
is unclear if anyone is maintaining CGI::Session.

https://rt.cpan.org/Ticket/Display.html?id=140855
https://github.com/cromedome/cgi-session/pull/5

We should maybe consider maintaining our own fork of CGI::Session.    

#!/usr/bin/perl -w

use DBI;
use C4::Auth;
use Koha::Database;

use strict;

my $dbh = C4::Context->dbh;
my $schema = Koha::Database->schema;

print "SessionStorage: '" . C4::Context->preference('SessionStorage') . "'\n";

sub test {
    my $session = C4::Auth::get_session("");
}

$dbh->do("CREATE TABLE IF NOT EXISTS `tmp_test_cgi_session` (foo TINYTEXT)");

eval {
    $schema->txn_do(sub {
        my $sth = $dbh->prepare("INSERT INTO `tmp_test_cgi_session` VALUES
('foo')");
        $sth->execute();

        test();

        die "error";
    });
};

if ($@) {
    print $@, "\n";
}

my $sth = $dbh->prepare("SELECT * FROM `tmp_test_cgi_session`;");
$sth->execute();

# The INSERT of the foo row should have been rolled back, but isn't when 
# SessionStorage is 'mysql'. 
while (my $row = $sth->fetchrow_arrayref) {
    print $row->[0], "\n"; 
}

$dbh->do("DROP TABLE `tmp_test_cgi_session`");

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.

More information about the Koha-bugs mailing list