#!/usr/bin/perl -T use strict; package sessionTest; use Apache::Session::File; use CGI::Safe qw/ taint :standard :html3 :html4 /; use CGI::Carp qw/ fatalsToBrowser /; my $query = CGI::Safe->new; my $sessionCookie; my %session; my $id; my $sessionID; my $scriptName = $query->self_url; $scriptName =~ s/\?.*//; $sessionCookie = $query->cookie(-name=>'sessionTest'); if (defined($sessionCookie)) { if ($query->url_param('keywords') =~ /logout/) { # in here $sessionCookie actually contains the value of the cookie, # below it is the whole cookie. # # This could be done by reusing the $id value, but I think it's a bit # clearer here that we're reading a previous session id if we do it # this way. $sessionCookie =~ /([a-z0-9]+)/; $sessionID = $1; tie %session, 'Apache::Session::File', $sessionID, { Directory => './.sessionDir', LockDirectory => './.lockDir' }; tied(%session)->delete; untie(%session); $sessionCookie = $query->cookie( -name=>'sessionTest', -value=>"", -expires=>'Thu, 31-Dec-1974 00:00:00 GMT' ); print $query->redirect(-uri=>"$scriptName",-cookie=>$sessionCookie); } else { # the browser has a session cookie, print out a page that will let us # remove it. print $query->header(); print $query->start_html(-title=>"Welcome back"); print "Your session id is $sessionCookie."; print "click here to log out\n"; print $query->end_html(); } } else { # the browser doesn't have a session cookie, feed it one. tie %session, 'Apache::Session::File', $id, { Directory => './.sessionDir', LockDirectory => './.lockDir' }; $sessionCookie = $query->cookie( -name => 'sessionTest', -value => $session{_session_id}, -expires => 0 ); untie(%session); print $query->redirect(-uri=>"$scriptName",-cookie=>$sessionCookie); }