in reply to Re^2: Cookie->fetch problem
in thread Cookie->fetch problem

When you call SetUserSessionCookie, what do you pass as $sname and $sid? If $sid is zero or $sname is not CGISESSID, that may be where your problem is.

In fact I forgot to suggest you check your mysql table for a sessionid of 0, and if you find it, plain delete it. If you call $session = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh, LockHandle=>$dbh}); when $sid is zero and there is no sessionid 0, you will get a new sessionid back.

Re^4: Cookie->fetch problem
by tultalk (Monk) on Mar 09, 2017 at 23:27 UTC

    Hi:

    It is setting the cookie with the session name as CGISESSID name and the unique SID such as 08b6bf0fc7723abbc134fb0f1a09c5e8, the SID generated with an MD5 hash using the username and password. This is done in the login iframe form and that hash is sent back to the server for verification. That sid is stored in the sessions table.

      and the unique SID such as 08b6bf0fc7723abbc134fb0f1a09c5e8, the SID generated with an MD5 hash using the username and password. This is done in the login iframe form and that hash is sent back to the server for verification. That sid is stored in the sessions table

      OH NO!!!!!!!!!!

      You are talking about that as a hidden input field of the login form. Let's see what happens if you call $session = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh, LockHandle=>$dbh}); with that "handmade" SID. It probably doesn't match a current session because CGI::Session uses some other method to compute its session ids, maybe even an md5 of the time+salt, so CGI::Session creates a new session and hands back ITS computed sessionid via $session->id that it uses internally. BUT you don't use that CGI::Session sessionid to set the cookie with (which is used to call new CGI::Session the next time); instead you set the cookie to a value you (kinda) just made up.

      it is fair to use your MD5 hash to check against a login table as a password, but that is not the sessionid CGI::Session wants to see. You need to set the cookie with $session->id instead so the next time thru CGI::Session can find the same session.

Re^4: Cookie->fetch problem
by tultalk (Monk) on Mar 09, 2017 at 23:57 UTC

    Hi

    When the page with the iframe is sent to the client, the call to get the cookies returns 0 if no cookies. That causes creation of a new session and the MD5 data being sent with the iframe response so a SID of 0 is just a flag. The call to set the cookie is:

    #Set session cookie on client
    SetUserSessionCookie('CGISESSID', $sid);

    The SID being the MD5 hash of the username and password.

      You need to understand what I said in Re^5: Cookie->fetch problem about how CGI::Session gives you back a new INTERNAL sessionid if it can't find the sessionid you give it or that session has expired. A SESSIONID IT COMPUTES ITSELF!!!
      http://search.cpan.org/~markstos/CGI-Session-4.48/lib/CGI/Session.pm
      If it fails, will create a new session id, which will be accessible through id() method.

      id()

      Returns effective ID for a session. Since effective ID and claimed ID can differ, valid session id should always be retrieved using this method.
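
The claimed-versus-effective ID behaviour discussed in this thread, as an added example that is not code from any of the posters. It assumes CGI::Session and CGI.pm are installed, uses the file driver with a temporary directory in place of driver:MySQL so it runs without a database, and uses constructed credentials.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Session;
use CGI::Cookie;
use Digest::MD5 qw(md5_hex);
use File::Temp qw(tempdir);

# Constructed sample values; the file driver stands in for driver:MySQL
# so the script runs without a database.
my $dir     = tempdir(CLEANUP => 1);
my $claimed = md5_hex('alice' . 'not-a-real-password');   # the "handmade" SID

# First request: the claimed ID matches no stored session, so CGI::Session
# creates a new session and computes its own ID.
my $session = CGI::Session->new('driver:file', $claimed, { Directory => $dir })
    or die CGI::Session->errstr;
my $effective = $session->id;
print "claimed:   $claimed\n";
print "effective: $effective\n";
print "differ:    ", ($claimed ne $effective ? 'yes' : 'no'), "\n";

# The cookie must carry the effective ID, under the name CGI::Session expects.
my $cookie = CGI::Cookie->new(
    -name     => $session->name,     # 'CGISESSID' by default
    -value    => $effective,
    -httponly => 1,
);
print "Set-Cookie: $cookie\n";

$session->param(user => 'alice');
$session->flush;                      # write the session to storage

# Next request: the value read back from the cookie finds the same session.
my $again = CGI::Session->new('driver:file', $effective, { Directory => $dir })
    or die CGI::Session->errstr;
print "same session on return: ", ($again->id eq $effective ? 'yes' : 'no'), "\n";
print "stored user: ", $again->param('user'), "\n";
```

Setting the cookie to `$claimed` instead of `$effective` would make every later request look up an ID that was never stored, so each request would start another new session.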