Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

CGI::Session cookie won't delete

by underTheRadar (Acolyte)
on Mar 21, 2019 at 02:31 UTC ( [id://1231515]=perlquestion: print w/replies, xml ) Need Help??

underTheRadar has asked for the wisdom of the Perl Monks concerning the following question:

I have tried using the CGI::Session module to create a cookie for each user logged into my website.

And it works just fine.

The problem is, I can't remove the cookie using $session->delete() and $session->flush() when I try to log out.

Here's my full code:
https://xxxx.xxx/LogIn/cgi-bin/login.cgi

#!/usr/bin/perl use warnings; use CGI; use DBI; use DBD::mysql; use CGI::Session '-ip_match'; local ($buffer, @pairs, $pair, $name, $value, %FORM); # Read in text $ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/; if ($ENV{'REQUEST_METHOD'} eq "POST") { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } else { $buffer = $ENV{'QUERY_STRING'}; } # Split information into name/value pairs @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%(..)/pack("C", hex($1))/eg; $FORM{$name} = $value; } $email = $FORM{emailAddress}; # get these from LogIn/index.html $password = $FORM{password}; $myConnection = DBI->connect("DBI:mysql:xxxxxxxxxx:localhost","xxxxxxx +xxxxxx","xxxxxxxxxxxxxxx"); my @row = (); $sql = "SELECT COUNT(*) FROM xxxxxxxxxxxxxxx.UserDatabase WHERE EmailAddress = ? AND password = ?"; $sth = $myConnection->prepare($sql); $sth->execute; $sth->finish; if($myConnection->selectcol_arrayref($sql, undef, $email, $password)-> +[0] == 1) { # create a new session $session = CGI::Session->new(undef, undef, {Directory=>'../TEMPDIR +/sessions'}); # access data $session->param($email); # expiration $session->expire('+1M'); # bake a cookie print $session->header("Location: https://xxxx.xxx/dashboard/index +.cgi"); } else { my $query = new CGI; print $query->redirect('https://xxxx.xxx/LogIn/index.html'); }

https://xxxx.xxx/dashboard/index.cgi

#!/usr/bin/perl use warnings; use CGI::Session '-ip_match'; $session = CGI::Session->load(); print "Content-type: text/html\r\n\r\n"; print qq| # all the html stuffs here <a href='cgi-bin/logout.cgi'>Log out</a> |;

https://xxxx.xxx/dashboard/cgi-bin/logout.cgi

#/usr/bin/perl use warnings; use CGI::Session; print $session->header("Location: https://xxxx.xxx/index.html"); $session->clear(["email"]); $session->delete();

P.S. I'm quite new at backend web development. Without using any Content Management System(CMS), am I doing things right?

P.P.S. I'm not trying to create a porn site here.

Replies are listed 'Best First'.
Re: CGI::Session cookie won't delete
by hippo (Bishop) on Mar 21, 2019 at 10:24 UTC

    You have not declared $session in logout.cgi. strict would have caught that - always use strict! Also, always read the error log as the warnings which would also alert you to this bug will be in there.

      Here's the updated code:

      #!/usr/bin/perl use warnings; use CGI::Session '-ip_match'; use CGI; my $session = CGI::Session->load(); $session->delete(); $session->flush(); my $url = "https://xxxx.xxx"; print "Location: $url \n\n";

      And it's still not working

      2019-03-31 Athanasius changed <h1> to <h3>

        And you still haven't used strict. Why is that?

        Just because you fix one bug it does not mean that your code is now bug-free nor does it mean that your algorithm has been correctly coded. You said:

        The problem is, I can't remove the cookie using $session->delete() and $session->flush() when I try to log out.

        How do you expect either of those methods to delete a cookie from the jar when you are printing the response headers by hand? That's not going to happen. Either look in the code and/or the documentation and determine how you can delete a cookie using the module methods or else do it yourself in the headers if that's the way you prefer.

        Or alternatively, just don't worry that a browser still has a cookie for a now-deleted session because it's not like they can do anything with it.

        Either way, at least you are now deleting the session which you were not before.

Re: CGI::Session cookie won't delete
by rizzo (Curate) on Mar 21, 2019 at 08:37 UTC

    Did you try to call $session->flush() after $session->delete() as recommended in the docs?

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1231515]
Approved by marto
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others cooling their heels in the Monastery: (7)
As of 2024-03-28 19:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found