I have tried using the CGI::Session module to create a cookie for each user logged into my website.
And it works just fine.
The problem is, I can't remove the cookie using $session->delete() and $session->flush() when I try to log out.
Here's my full code:
https://xxxx.xxx/LogIn/cgi-bin/login.cgi
#!/usr/bin/perl
use warnings;
use CGI;
use DBI;
use DBD::mysql;
use CGI::Session '-ip_match';
local ($buffer, @pairs, $pair, $name, $value, %FORM);
# Read in text
$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;
if ($ENV{'REQUEST_METHOD'} eq "POST") {
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
} else {
    $buffer = $ENV{'QUERY_STRING'};
}
# Split information into name/value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%(..)/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}
$email = $FORM{emailAddress}; # get these from LogIn/index.html
$password = $FORM{password};
$myConnection = DBI->connect("DBI:mysql:xxxxxxxxxx:localhost","xxxxxxxxxxxxx","xxxxxxxxxxxxxxx");
my @row = ();
$sql = "SELECT COUNT(*) FROM xxxxxxxxxxxxxxx.UserDatabase
WHERE EmailAddress = ?
AND password = ?";
$sth = $myConnection->prepare($sql);
$sth->execute;
$sth->finish;
if($myConnection->selectcol_arrayref($sql, undef, $email, $password)->[0] == 1)
{
    # create a new session
    $session = CGI::Session->new(undef, undef, {Directory=>'../TEMPDIR/sessions'});
    # access data
    $session->param($email);
    # expiration
    $session->expire('+1M');
    # bake a cookie
    print $session->header("Location: https://xxxx.xxx/dashboard/index.cgi");
}
else
{
    my $query = new CGI;
    print $query->redirect('https://xxxx.xxx/LogIn/index.html');
}
https://xxxx.xxx/dashboard/index.cgi
#!/usr/bin/perl
use warnings;
use CGI::Session '-ip_match';
$session = CGI::Session->load();
print "Content-type: text/html\r\n\r\n";
print qq|
# all the html stuffs here
<a href='cgi-bin/logout.cgi'>Log out</a>
|;
https://xxxx.xxx/dashboard/cgi-bin/logout.cgi
#/usr/bin/perl
use warnings;
use CGI::Session;
print $session->header("Location: https://xxxx.xxx/index.html");
$session->clear(["email"]);
$session->delete();
P.S. I'm quite new at backend web development. Without using any Content Management System (CMS), am I doing things right?
P.P.S. I'm not trying to create a porn site here.
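A logout flow for the kind of setup described above, as an added example that is not part of the original post: the session is loaded from the same store it was created in, deleted and flushed on the server, and the browser is sent an already expired cookie. The temporary session directory, the `example.com` URL, the sample e-mail address and the helper names `login_stub` and `logout` are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not the poster's code: end a CGI::Session on the server and in the browser.
use strict;
use warnings;
use CGI;
use CGI::Session;
use File::Temp qw(tempdir);

# Assumption: a temporary directory stands in for the real session store.
# Every script has to pass the same Directory that was used at login,
# otherwise load() searches the file driver's default location instead.
my %dsn_args = (Directory => tempdir(CLEANUP => 1));

# Hypothetical helper: create a session the way a login script would, return its ID.
sub login_stub {
    my ($email) = @_;
    my $session = CGI::Session->new(undef, undef, \%dsn_args)
        or die CGI::Session->errstr;
    $session->param(email => $email);
    $session->expire('+1M');
    $session->flush();
    return $session->id;
}

# Hypothetical helper: $source is a CGI object (session ID read from the cookie)
# or a session ID string. Returns a cookie that makes the browser drop the ID.
sub logout {
    my ($query, $source) = @_;
    my $session = CGI::Session->load(undef, $source, \%dsn_args)
        or die CGI::Session->errstr;
    unless ($session->is_empty) {
        $session->delete();   # only marks the session as deleted
        $session->flush();    # removes the stored session data now
    }
    return $query->cookie(-name => CGI::Session->name, -value => '', -expires => '-1d');
}

my $q       = CGI->new('');                      # constructed empty request
my $sid     = login_stub('user@example.com');    # constructed sample user
my $expired = logout($q, $sid);                  # in a real CGI script: logout($q, $q)
print $q->redirect(-uri => 'https://example.com/index.html', -cookie => $expired);

# The old ID no longer resolves to a session on the server.
my $after = CGI::Session->load(undef, $sid, \%dsn_args);
print STDERR 'session still valid: ', ($after->is_empty ? 'no' : 'yes'), "\n";
```

Removing the server-side record is what ends the session; the expired cookie only tidies up the client, so a copied session ID stops working even if the browser keeps sending it.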