[Koha-bugs] [Bug 29942] New: Spurious commit in mysql session storage
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 25 16:08:38 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29942
Bug ID: 29942
Summary: Spurious commit in mysql session storage
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Database
Assignee: koha-bugs at lists.koha-community.org
Reporter: andreas.jonsson at kreablo.se
QA Contact: testopia at bugs.koha-community.org
The DBI storage driver for CGI::Session
commits any on-going transactions in its destructor subroutine.
Consequently if SessionStorage is set to mysql, instantiating a
session and assigning it to a local variable inside a transaction will
unexpectedly cause the transaction to be committed as illustrated by
the below script.
I have reported this issue upstream and created pull requests but it
is unclear if anyone is maintaining CGI::Session.
https://rt.cpan.org/Ticket/Display.html?id=140855
https://github.com/cromedome/cgi-session/pull/5
We should maybe consider maintaining our own fork of CGI::Session.
#!/usr/bin/perl -w
use DBI;
use C4::Auth;
use Koha::Database;
use strict;
my $dbh = C4::Context->dbh;
my $schema = Koha::Database->schema;
print "SessionStorage: '" . C4::Context->preference('SessionStorage') . "'\n";
sub test {
my $session = C4::Auth::get_session("");
}
$dbh->do("CREATE TABLE IF NOT EXISTS `tmp_test_cgi_session` (foo TINYTEXT)");
eval {
$schema->txn_do(sub {
my $sth = $dbh->prepare("INSERT INTO `tmp_test_cgi_session` VALUES
('foo')");
$sth->execute();
test();
die "error";
});
};
if ($@) {
print $@, "\n";
}
my $sth = $dbh->prepare("SELECT * FROM `tmp_test_cgi_session`;");
$sth->execute();
# The INSERT of the foo row should have been rolled back, but isn't when
# SessionStorage is 'mysql'.
while (my $row = $sth->fetchrow_arrayref) {
print $row->[0], "\n";
}
$dbh->do("DROP TABLE `tmp_test_cgi_session`");
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list