#!/usr/bin/perl
use strict; use warnings; 
select STDOUT; $| = 1;

  my $session_dir='/home/huck/monks-sessions';  # must exist and be writeable by www userid 
  my $expires='+1m'; # '+7d' '+1h' ; 

  my $cookieexpires=$expires; 


  use CGI;

  use CGI::Session;
  use CGI::Cookie;

  my $session; 
  my $notloggedin=''; 
  my $cookies; 

  my %passwords=(admin=>'admin',huck=>'huck'); 
  my $cgi = CGI->new;

  my $tssid  = $cgi->cookie('TSSID');
  my $timelast; 

  unless ($tssid){ 
      my $userid  =$cgi->param('userid');
      my $password=$cgi->param('password');
      $userid=''   unless ($userid); 
      $password='' unless ($password); 
      unless ( $userid)                             {$notloggedin='Please Login';}  
      elsif  (! $passwords{$userid})                {$notloggedin='Bad Userid';}  
      elsif  ($password  ne $passwords{$userid})    {$notloggedin='Bad Password';}  
      else { 
          $session = CGI::Session->new(undef, undef, {Directory=>$session_dir});
          $cookies = [CGI::Cookie->new(-name    =>  'TSSID',
                                        -value   =>  $session->id, 
                                        -expires =>  $cookieexpires
                                       )];
          $session->expires($expires);
          $session->param('user_id',$userid);
          $session->param('timein'  , time);
          $session->param('timelast', time);
          $timelast=time; 
          $session->flush(); 
          } # ok  
      } # no tssid 
  else { 
      $session = CGI::Session->load(undef, $tssid, {Directory=>$session_dir});
      if ( $session->is_expired )    { 
          $notloggedin='login expired ' ; 
          $session->delete(); 
          $session->flush();
          } 
      elsif ( $session->is_empty )   { $notloggedin='login not found';} 
      else { 
          $cookies = [CGI::Cookie->new(-name    =>  'TSSID',
                                        -value   =>  $session->id, 
                                        -expires =>  $cookieexpires
                                       )];
          $timelast=$session->param('timelast'); 
          $session->param('timelast', time);
          $session->flush(); 
          } 
      } 

  if ($notloggedin){ 
      $cookies = [$cgi->cookie(TSSID => '')];
      print $cgi->header(-cookie=>$cookies); 

      print '<html><head><title>Must login</title></head><body>'."\n"; 
      print '<h1>Must login</h1>'."\n"; 
      print '<h3>'.$notloggedin.'</h3>'."\n"; 

      print '<form method="POST">'."\n"; 
      print 'Userid:<input type="text" name="userid">'."\n"; 
      print ' Password:<input type="text" name="password">'."\n"; 
      print '<input type="submit" value="Login">'."\n"; 
      print '</form>'."\n"; 
      } 
  else { 
      if ($cookies) {print $cgi->header(-cookie=>$cookies); } 
      else { print $cgi->header(); } 
      print '#html content after seccessfully login'; 
      print '<br>hi '.$session->param('user_id');
      print ' loggedin for '.(time-$session->param('timein')).' seconds';
      print ' last seen '.(time-$timelast).' seconds ago';
      } 
  print '</body></html>'; 
  CGI::Session->find(undef ,sub {} ,{Directory=>$session_dir}); # clean expired sessions