tultalk has asked for the wisdom of the Perl Monks concerning the following question:

Hi: Several questions: Code I wrote long ago (2003) commented out $session->delete() and $session->flush() in numerous locations where a login fails for any reason. The sessions database contains all those failed session data from failed logins. In the sessions, failed login attempts are counted. If these sessions were deleted and flushed at each failure, how would attempts be kept track of? I am assuming it is through the session. Second: In the login function I am trying to set the expiration for 7 days in the future. Code below does not work. Several earlier places in the routine set different (short) expirations but the one below is the final in the login process.

my $timein = time();
$session->param('user_id',$uid);
$session->param('username',$username);
$session->param('forename', $forename);
$session->param('lastname', $lastname);
$session->param('timein', $timein);
$session->param('timeout', 0);
$session->param('attempts',0);
$session->param('isloggedin',1);
# $session->expires('+1d');
Expires($session, Now() + (86400*7));
AccessInOutLog($session); #Added 02/18/05
my $isloggedin = $session->param('isloggedin');
warn("Login User Line 420: SID '$sid' Session Logged In '$isloggedin'");
$session->flush();
#Set session cookie on client
SetUserSessionCookie('CGISESSID', $sid);

And examining cookie CGISESSID in browser shows expiration now + 1 day (86400) not now + (86400*7). Any thoughts? Best regards Bob Tulloch

Replies are listed 'Best First'.
Re: Sessions Questions
by stevieb (Canon) on Mar 01, 2017 at 00:00 UTC

    Could you please advise us on what the modules in use are here? A lot of distributions provide session objects, so this may help narrow down the issue quite a bit.

    Most importantly, where are Expires() and AccessInOutLog() etc. coming from?

      The modules are mine. I just did a search in the module on expire and no hit which set expire to 1 day. I uncommented the line with +7d and commented out the line with now() + (86400*7) and the session still expires in 1 day. Weird. Code block below is the whole login:

      #-------------------------------------------------------------------------------
      # FUNCTION: LoginUser($dsn,$sql_username,$sql_password,$sql_user_table,$sql_session_table,$passhash,$sessionhash,$uvId,$username,$ipaddress);
      # DESCRIPTION: The user will log in, sending the username and password
      #-------------------------------------------------------------------------------

      sub LoginUser {
          my (%query) = @_;
          my ($day, $month, $year) = (localtime())[3,4,5];
          my $localtimenow = localtime(Now());
          $month = $month + 1;
          $year = $year + 1900;
          warn("Day: '$day' Month: '$month' Year: '$year'");
          my $currentdate = sprintf("%04d-%02d-%02d",$year,$month,$day);
          # warn("LoginUser-JustBefore Open Session Current Time: '$localtimenow'");
          my $sid = $query->param('CGISESSID');
          if (!$sid){
              warn("Invalid SID at login 330");
              return 0;
          }
          warn("LoginUser-JustBefore Open Session Current Time: '$localtimenow'");
          OpenSession($dbh,$sid);
          warn("LoginUser Line 285 session: '$session' sid: '$sid'");
          my ($result, $login_timeout) = checkTimeinAttempts();
          warn("Returned result line 293: $result");
          if (($result == 0) || ($result == 4) || ($result == 5)) {
              if ($result == 5) {
                  warn("Returned result line 296: $result");
                  # $session->delete();
                  # $session->flush();
                  return ($result, $login_timeout);
              }
              else{
                  warn("Returned result line 302: '$result'");
                  # $session->delete();
                  # $session->flush();
                  return $result;
              }
          }
          my $username = $query->param("username");
          my $sessiondata2 = $query->param("sessiondata2");
          my $passhash = $query->param("passhash");
          warn("Line 360 Username: $username");
          my $SQL = qq|select id, password, forename, lastname, expire from $sql_user_table where username = '$username'|;
          warn("Ready to execute SQL: $SQL");
          warn("LoginUser-JustBefore Execute Query Current Time: '$localtimenow'");
          my $sth = ExecuteQuery($SQL);
          my ($uid,$password,$forename,$lastname,$expiredate) = $sth->fetchrow_array();
          $sth->finish;
          warn ("*****LOGIN ATTEMPT USER INFORMATION Uid: $uid username: $username password: $password ipaddress: $ipaddress");
          # if we get an invalid username disconnect,disconnect and return without access
          if (!$uid) {
              warn("Invalid Password manageusers 371");
              # $session->delete();
              # $session->flush();
              return 0;
          }
          # if the users expire date is less then the current date, disconnect and
          # return without access
          #strip characters so numeric comparison can be made
          $expiredate =~ s/-//g;
          $currentdate =~ s/-//g;
          warn("Line 465 Expire Date: '$expiredate' Current Date: '$currentdate' ");
          if($expiredate < $currentdate){
              # $session->delete();
              # $session->flush();
              return 2;
          }
          else {
              $sid = $session->id();
              my $sessiondata2s = $session->param('sessiondata2');
              # warn("sessiondata2 from session: '$sessiondata2s'");
              my $sessiondata2md5p = md5_hex($password . $sessiondata2s);
              my $passhash1 = md5_hex($password . $username);
              if (($passhash ne $passhash1) || ($sessiondata2 ne $sessiondata2md5p)) {
                  warn ("SID: '$sid' username: '$username' password: '$password'");
                  warn("Hash evaluation failed line 406 - $passhash = $passhash1 : $sessiondata2 = $sessiondata2md5p");
                  # $session->delete();
                  # $session->flush();
                  return 0;
              }
              warn("Hash evaluation succeded - $passhash = $passhash1 : $sessiondata2 = $sessiondata2md5p");
              my $timein = time();
              $session->param('user_id',$uid);
              $session->param('username',$username);
              $session->param('forename', $forename);
              $session->param('lastname', $lastname);
              $session->param('timein', $timein);
              $session->param('timeout', 0);
              $session->param('attempts',0);
              $session->param('isloggedin',1);
              $session->expires('+7d');
              # Expires($session, Now() + (86400*7));
              AccessInOutLog($session); #Added 02/18/05
              my $isloggedin = $session->param('isloggedin');
              warn("Login User Line 420: SID '$sid' Session Logged In '$isloggedin'");
              $session->flush();
              #Set session cookie on client
              SetUserSessionCookie('CGISESSID', $sid);
              my $gmtimenow = gmtime(Now());
              my $localtimenow = localtime(Now());
              # warn("Login gmtime(gmtnow) = '$gmtimenow'");
              # warn("Login localtime(localnow) = '$localtimenow'");
              return 3;
          }
      }

        I'd love to have you explain what you think is in %query

        I'm going to take pity and assume it's use CGI::Session;

        http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session.pm
        expire($time)
        Sets expiration date relative to atime().
        so Now() + (86400*7) was real huge considering now is something close to 1488409938.

        Seems expire and expires do the same thing

        # expires() - alias to expire(). For backward compatibility
        sub expires { return expire(@_); }

        This works just fine for me

        #!/usr/bin/perl
        use strict;
        use warnings;
        select STDOUT; $| = 1;
        use CGI;
        use CGI::Session;
        use Data::Dumper;
        use HTML::Entities qw/encode_entities/;

        my $q = CGI->new;
        my $tssid = $q->cookie('TSSID');
        my $title='huh';
        my $cookie=undef;
        my $delete=0;
        my @lines;
        my $session;
        unless ($tssid){
            $session = new CGI::Session(undef, undef, {Directory=>'/tmp'});
            $cookie = $q->cookie(TSSID => $session->id );
            $title='No session';
            push @lines,$title;
            setup_new($session);
        } # no ssid
        else {
            push @lines,'tssid:'.$tssid;
            $session = new CGI::Session(undef, $tssid, {Directory=>'/tmp'});
            if ($tssid ne $session->id) {
                $cookie = $q->cookie(TSSID => $session->id );
                setup_new($session);
                $title='Expired Session .. made new one';
                push @lines,$title;
            }
            else {
                $delete=5>int(rand(10));
                $title='old session';
                if ($delete) {
                    $cookie = $q->cookie (
                        -name    => 'TSSID',
                        -value   => '',
                        -path    => '/',
                        -expires => '-1d'
                    );
                    push @lines,'deleted';
                } # delete
            } # not expired
        } # not missing

        if ($cookie){ print $q->header(-cookie=>$cookie);}
        else { print $q->header();}
        print '<head><title>'.$title.'</title></head>'."\n";
        print '<body>'."\n";
        print '<br>session:'.$session->id."\n";
        for my $l (@lines) {print '<br>'.$l."\n"; }
        print '<pre>'."\n";
        local $Data::Dumper::Deepcopy=1;
        local $Data::Dumper::Purity=1;
        local $Data::Dumper::Sortkeys=1;
        local $Data::Dumper::Indent=2;
        print encode_entities(Dumper($session))."\n";
        print '</pre>'."\n";
        print '</body>'."\n";
        if ($delete){$session->delete();}
        exit;

        sub setup_new {
            my $session=shift;
            my $expires=5>int(rand(10))?'+1m':'+7d';
            # $session->expire('+1m');
            $session->expires($expires);
            # $session->expires('+7d');
            my $timein = time();
            $session->param('user_id','uid');
            $session->param('username','username');
            $session->param('forename','forename');
            $session->param('lastname', 'lastname');
            $session->param('timein', $timein);
            $session->param('timeout', 0);
            $session->param('attempts',0);
            $session->param('isloggedin',1);
        }

        Notice the 50% chance of being deleted, and the 50% chance of +1m vs +7d. Refresh it a few times to watch it delete-cycle and expire-cycle. I'm looking at a '_SESSION_ETIME' => 604800, run now, that's 7 days.

        play with that, get it to do what you want, then make LoginUser do the same thing

        so what does AccessInOutLog($session); #Added 02/18/05 do, are you sure it doesn't change expires?

        and i just love

        warn ("*****LOGIN ATTEMPT USER INFORMATION Uid: $uid username: $username password: $password ipaddress: $ipaddress");

        Maybe you need to email me your error.log so i can debug farther
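
An added example, not code from the thread or from any poster: it shows that CGI::Session's expire() stores a relative interval, so an absolute epoch value turns into a lifetime of decades, and that a cookie built with CGI's cookie() carries its own expiry that has to be given the same lifetime. It assumes CGI, CGI::Session and File::Temp are installed; the temporary session directory and the helper names etime_after and login_session are illustrative.

```perl
#!/usr/bin/perl
# Added example: session expiry interval versus cookie expiry.
# Assumptions: file-based session store in a throwaway temp directory;
# etime_after() and login_session() are illustrative helper names.
use strict;
use warnings;
use CGI;
use CGI::Session;
use File::Temp qw(tempdir);

my $LIFETIME = 7 * 86400;              # 7 days as a relative interval in seconds
my $dir      = tempdir(CLEANUP => 1);  # demo session store, removed at exit

# Call expire($arg) on a fresh session and return the stored interval.
sub etime_after {
    my ($arg) = @_;
    my $s = CGI::Session->new(undef, undef, { Directory => $dir })
        or die CGI::Session->errstr;
    $s->expire($arg);
    my $etime = $s->expire();          # no argument: read _SESSION_ETIME back
    $s->delete();
    $s->flush();
    return $etime;
}

# Create a logged-in session and a cookie with the same lifetime.
sub login_session {
    my ($q) = @_;
    my $s = CGI::Session->new(undef, undef, { Directory => $dir })
        or die CGI::Session->errstr;
    $s->param('isloggedin', 1);
    $s->expire($LIFETIME);             # server side, relative to last access
    $s->flush();
    my $cookie = $q->cookie(
        -name     => 'CGISESSID',
        -value    => $s->id,
        -expires  => '+' . $LIFETIME . 's',  # client side, set separately
        -httponly => 1,                      # not readable from page scripts
        -secure   => 1,                      # sent over HTTPS only
    );
    return ($s, $cookie);
}

printf "expire('+7d')          -> %d s\n", etime_after('+7d');
printf "expire(7*86400)        -> %d s\n", etime_after($LIFETIME);
printf "expire(time()+7*86400) -> %d s (epoch value read as an interval)\n",
    etime_after(time() + $LIFETIME);

my ($session, $cookie) = login_session(CGI->new({}));
print "Set-Cookie: $cookie\n";
```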