From: Tomas Doran
Date: Thu, 29 Oct 2009 09:50:54 +0000 (+0000)
Subject: Fix session fixation tests, kentnl++
X-Git-Tag: v0.28~1
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Plugin-Session.git;a=commitdiff_plain;h=836b0a11e79fa4bae9dd5e72f5a6f9222b40edc9
Fix session fixation tests, kentnl++
---
diff --git a/Changes b/Changes
index 011dcee..5b9f04a 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for Perl extension Catalyst::Plugin::Session
+0.28 2009-10-29
+ - Fix session fixation test with LWP 5.833 by calling $cookie_jar->set_cookie
+ rather than manually stuffing the cookie in the request.
+
 0.27 2009-10-08
 - Release 0.26_01 as stable without further changes.
diff --git a/lib/Catalyst/Plugin/Session.pm b/lib/Catalyst/Plugin/Session.pm
index bc9eb24..d1ab3ac 100644
--- a/lib/Catalyst/Plugin/Session.pm
+++ b/lib/Catalyst/Plugin/Session.pm
@@ -13,7 +13,7 @@ use Carp;
 use namespace::clean -except => 'meta';
-our $VERSION = '0.27';
+our $VERSION = '0.28';
 $VERSION = eval $VERSION;
 my @session_data_accessors; # used in delete_session
@@ -1104,6 +1104,10 @@ Sergio Salvi
 kmx C
+Florian Ragwitz (rafl) C
+
+Kent Fredric (kentnl)
+
 And countless other contributers from #catalyst. Thanks guys!
 =head1 COPYRIGHT & LICENSE
diff --git a/t/live_session_fixation.t b/t/live_session_fixation.t
index 3eeb3e9..cda60c9 100644
--- a/t/live_session_fixation.t
+++ b/t/live_session_fixation.t
@@ -25,16 +25,19 @@ use lib "t/lib";
 use Test::WWW::Mechanize::Catalyst "SessionTestApp";
 #try completely random cookie unknown for our application; should be rejected
-my $injected_cookie = "sessiontestapp_session=89c3a019866af6f5a305e10189fbb23df3f4772c";
+my $cookie_name = 'sessiontestapp_session';
+my $cookie_value = '89c3a019866af6f5a305e10189fbb23df3f4772c';
+my ( @injected_cookie ) = ( 1, $cookie_name , $cookie_value ,'/', undef, 0, undef, undef, undef, {} );
+my $injected_cookie_str = "${cookie_name}=${cookie_value}";
 my $ua1 = Test::WWW::Mechanize::Catalyst->new;
-$ua1->add_header('Cookie' => $injected_cookie);
+$ua1->cookie_jar->set_cookie( @injected_cookie );
 my $res = $ua1->get( "http://localhost/login" );
 my $cookie1 = $res->header('Set-Cookie');
 ok $cookie1, "Set-Cookie 1";
-isnt $cookie1, qr/$injected_cookie/, "Logging in generates us a new cookie";
+isnt $cookie1, qr/$injected_cookie_str/, "Logging in generates us a new cookie";
 $ua1->get( "http://localhost/get_sessid" );
 my $sid1 = $ua1->content;
@@ -78,7 +81,7 @@ $ua1->get( "http://localhost/dump_session" );
 #try to use old cookie value (before session_id_change)
 my $ua2 = Test::WWW::Mechanize::Catalyst->new;
-$ua2->add_header('Cookie' => $cookie1);
+$ua2->cookie_jar->set_cookie( @injected_cookie );
 #if we take old cookie we should not be able to get any old session data
 $ua2->get( "http://localhost/get_session_variable/var1");
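Review bot: The assertion `isnt $cookie1, qr/$injected_cookie_str/, ...` in the first hunk cannot fail, because `isnt` compares by string inequality and a Set-Cookie header never equals the stringified regex object. The check that login does not adopt the injected session id is therefore vacuous; use `unlike $cookie1, qr/\Q$injected_cookie_str\E/, "Logging in generates us a new cookie";` instead. Separately, `@injected_cookie` passes an undefined domain to `set_cookie`, and nothing visible in the hunk confirms that the jar then sends the cookie to localhost. An assertion that the injected value actually reached the application would keep the test from passing without exercising the fixation path.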
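Review bot: In the second hunk, `$ua2->cookie_jar->set_cookie( @injected_cookie );` replays the random cookie defined at the top of the file rather than the one issued at login, so the case named in the comment above it (old cookie value before session_id_change) is no longer tested; the removed line sent `$cookie1`. To keep coverage of a pre-change session id being rejected, seed the jar with the earlier real id, e.g. `$ua2->cookie_jar->set_cookie( 1, $cookie_name, $sid1, '/', undef, 0, undef, undef, undef, {} );`. This assumes `$sid1` still holds the id captured before the change; the lines between the two hunks are not shown.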