diff --git a/core/data/System/ReleaseNotes02x00.txt b/core/data/System/ReleaseNotes02x00.txt index 44fd6700eb..769ed78bc5 100644 --- a/core/data/System/ReleaseNotes02x00.txt +++ b/core/data/System/ReleaseNotes02x00.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1438012719" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1438198562" format="1.1" version="1"}% %META:TOPICPARENT{name="ReleaseHistory"}% ---+!! Foswiki Release 2.0.1 RC1 @@ -57,6 +57,22 @@ Foswiki 2.0 is shipped with the following: ( __New to Foswiki 2.0__ ) * *Compatibility support* - TWikiCompatibilityPlugin #Release02x00Changes + +---++ Important changes in 2.0.1 + +Foswiki 2.0.1 has changed how the =working/tmp/cgisess_*= files are stored. +This is needed to better accommodate user names with international +characters. If old files exist and users still have a matching session cookie, +then their access attempts will fail with a 500 internal server error. + +
%X% *ACTION REQUIRED:* After applying the changes in +Foswiki 2.0.1, *you must delete all =cgisess_*= files from the =working/tmp= directory.*
+ +If you are unable to access the server to do this, users will have to clear +their cookies to gain access to Foswiki. + +This change addresses [[%BUGS%/Item13563][Item13563]] + ---++ Changes in requirements
diff --git a/core/lib/Foswiki/LoginManager.pm b/core/lib/Foswiki/LoginManager.pm index fe1fa2e084..5b5ccd2ac6 100644 --- a/core/lib/Foswiki/LoginManager.pm +++ b/core/lib/Foswiki/LoginManager.pm @@ -54,6 +54,7 @@ use Assert; use Error qw( :try ); use Foswiki::Sandbox (); +use CGI::Session (); BEGIN { if ( $Foswiki::cfg{UseLocale} ) { @@ -74,6 +75,8 @@ our %readOnlySK = ( %secretSK, AUTHUSER => 1, SUDOFROMAUTHUSER => 1 ); use constant TRACE => $Foswiki::cfg{Trace}{LoginManager} || 0; +use constant CGIDRIVER => 'driver:File;serializer:Storable'; + # GusestSessions should default to enabled, since much of Foswiki depends on # having a valid session. my $guestSessions = @@ -1095,8 +1098,11 @@ sub _loadCreateCGISession { oct(777) - ( ( $Foswiki::cfg{Session}{filePermission} + 0 ) ) & oct(777) ); - my $newsess = Foswiki::LoginManager::Session->new( - undef, $sid, + my $newsess; + + $newsess = Foswiki::LoginManager::Session->new( + CGIDRIVER, + $sid, { Directory => $sessionDir, UMask => $Foswiki::cfg{Session}{filePermission} 
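Review bot: The new `CGIDRIVER` constant has no comment explaining why the serializer is pinned to Storable or what that means for the files in `working/tmp`. Storable's own documentation warns against retrieving data from untrusted sources. With this DSN, the session directory's ownership and the `{Session}{filePermission}` mask become the trust boundary for everything the login manager thaws. I would record that next to the constant, e.g. `# Session files are Storable images: working/tmp must be writable only by the web server user.`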
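Review bot: The `Foswiki::LoginManager::Session->new( CGIDRIVER, $sid, ... )` call in `_loadCreateCGISession` is not guarded against a session file written in the previous format. The release note added in this same commit says such a file turns every request carrying the matching cookie into a 500 error. If that failure originates here (the rest of the function lies outside the hunk, so this is an inference), it could be caught with `$newsess = eval { Foswiki::LoginManager::Session->new( CGIDRIVER, $sid, {...} ) };` followed by a fallback to a fresh session. That would remove the dependency on an administrator deleting `cgisess_*` files by hand. As a smaller style point, `my $newsess;` followed by a bare assignment can be one `my $newsess = ...` statement.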
@@ -1562,24 +1568,26 @@ sub removeUserSessions { ASSERT($user) if DEBUG; my $msg = ''; + CGI::Session->find( + CGIDRIVER, + sub { purge_user( @_, $user, $msg ) }, + { + Directory => "$Foswiki::cfg{WorkingDir}/tmp", + UMask => $Foswiki::cfg{Session}{filePermission}, + } + ); - opendir( my $tmpdir, "$Foswiki::cfg{WorkingDir}/tmp" ) || return ''; - foreach my $fn ( grep( /^cgisess_/, readdir($tmpdir) ) ) { - my ($file) = $fn =~ m/^(cgisess_.*)$/; - - open my $sessfile, '<', "$Foswiki::cfg{WorkingDir}/tmp/$file" - or next; - while (<$sessfile>) { - if (m/'AUTHUSER' => '$user'/) { - close $sessfile; - unlink "$Foswiki::cfg{WorkingDir}/tmp/$file"; - $msg .= $file . ', '; - last; - } + sub purge_user { + + #my ($session, $user, $msg) = @_; + next if $_[0]->is_empty; # <-- already expired?! + if ( $_[0]->param('AUTHUSER') && $_[0]->param('AUTHUSER') eq $_[1] ) { + $_[2] .= 'cgisess_' . $_[0]->id() . ','; + $_[0]->delete(); + $_[0]->flush() + ; # Recommended practice says use flush() after delete(). } - close $sessfile if $sessfile; } - closedir $tmpdir; return $msg; } @@ -1587,7 +1595,7 @@ sub removeUserSessions { __END__ Foswiki - The Free and Open Source Wiki, http://foswiki.org/ -Copyright (C) 2008-2014 Foswiki Contributors. Foswiki Contributors +Copyright (C) 2008-2015 Foswiki Contributors. Foswiki Contributors are listed in the AUTHORS file in the root of this distribution. NOTE: Please extend that file, not this notice.
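Review bot: `purge_user` is a named sub declared inside `removeUserSessions`, it exits with `next` although it contains no loop, and it reports matches by appending to `$_[2]`, which only works because `@_` aliases the caller's `$msg`. A named sub is package-scoped wherever it is written, the `next` depends on a loop somewhere inside CGI::Session's traversal, and the positional indexes shift if `find` ever passes the callback more than one argument. An anonymous closure that names its argument, leaves with `return`, and captures `$user` and `$msg` lexically does the same job without those dependencies. The result of `CGI::Session->find` is also discarded. As far as I know it returns undef on failure, so a failed traversal would remove no sessions and still hand the caller an empty string; that case should be logged because this routine is how a user's sessions are invalidated. `removeUserSessions` begins above the hunk.

```perl
# … unchanged: ASSERT($user) and $msg initialisation …
my $traversed = CGI::Session->find(
    CGIDRIVER,
    sub {
        my ($session) = @_;
        return if $session->is_empty;    # already expired
        my $authUser = $session->param('AUTHUSER');
        return unless $authUser && $authUser eq $user;
        $msg .= 'cgisess_' . $session->id() . ',';
        $session->delete();
        $session->flush();    # flush() after delete(), as CGI::Session recommends
    },
    {
        Directory => "$Foswiki::cfg{WorkingDir}/tmp",
        UMask     => $Foswiki::cfg{Session}{filePermission},
    }
);

# A failed traversal means no session was invalidated; record
# CGI::Session->errstr with the project's logger instead of ignoring it.
unless ($traversed) {
    # … log CGI::Session->errstr …
}
# … unchanged: return $msg …
```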