I am finally making an effort to do some serious testing of my applications, and, starting with advice given to me here, began to try writing tests for my basic modules.

Part of my setup includes ensuring that a user is logged in, a process which involves setting a CGI cookie holding the value of a server-side session ID that contains info on the user's access level, etc., held in a database. I had had some difficulty with part of this, as discussed in my thread OO: Leaving a constructor midway?; I ultimately "solved" it, if solve it I did, by handling the login and validation in a subclass and leaving the actual blessing in a superclass.

In that node, pdcawley warned about the difficulty of testing this, and it is now coming true. In order for me to test the module I need to be accessing over the Web. I am also writing tests using WWW::Mechanize, but I want to be able to test the module on its own. Yet doing this would require (a) a CGI-held cookie holding (b) an existing session and (c) the ability to fake this from a test script. My login code, for example, looks roughly like this:

# look for cookie containing session ID and read the
  # corresponding session record; expire session automatically
  # if it's too old

  if (defined($sess_id = CGI::cookie($self->{cookie_name}))) {
    $sess_ref = WebDB::Session->open_with_expiration($self->{config},u
+ndef,$sess_id);
  }

  $self->{sess_ref} = $sess_ref; # store session reference in $self

   # bounce user to login page if not currently logged in
  if (!defined($self->{sess_ref})) {
    print CGI::redirect(-uri=>$self->{bounce_uri}); exit(0);
  }
[download]

Suggestions to change the way the module validates users would seem to be off the mark, because I do need to validate them, and I thus need to test that. And it's not possible to skip the validation, even for testing purposes, because this module requires having a bunch of info that needs to come from the session.

I'd be grateful for any thoughts wiser monks have.