CGI::Session cookie won't delete

underTheRadar has asked for the wisdom of the Perl Monks concerning the following question:

I have tried using the CGI::Session module to create a cookie for each user logged into my website.

And it works just fine.

The problem is, I can't remove the cookie using $session->delete() and $session->flush() when I try to log out.

Here's my full code:
https://xxxx.xxx/LogIn/cgi-bin/login.cgi

#!/usr/bin/perl

use warnings;
use CGI;
use DBI;
use DBD::mysql;
use CGI::Session '-ip_match';

local ($buffer, @pairs, $pair, $name, $value, %FORM);
# Read in text
$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;

if ($ENV{'REQUEST_METHOD'} eq "POST") {
   read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
} else {
   $buffer = $ENV{'QUERY_STRING'};
}

# Split information into name/value pairs
@pairs = split(/&/, $buffer);

foreach $pair (@pairs) {
   ($name, $value) = split(/=/, $pair);
   $value =~ tr/+/ /;
   $value =~ s/%(..)/pack("C", hex($1))/eg;
   $FORM{$name} = $value;
}

$email = $FORM{emailAddress}; # get these from LogIn/index.html
$password = $FORM{password};

$myConnection = DBI->connect("DBI:mysql:xxxxxxxxxx:localhost","xxxxxxx
+xxxxxx","xxxxxxxxxxxxxxx");
my @row = ();
$sql = "SELECT COUNT(*) FROM xxxxxxxxxxxxxxx.UserDatabase
WHERE EmailAddress = ?
AND password = ?";

$sth = $myConnection->prepare($sql);

$sth->execute;

$sth->finish;

if($myConnection->selectcol_arrayref($sql, undef, $email, $password)->
+[0] == 1)
{
    # create a new session
    $session = CGI::Session->new(undef, undef, {Directory=>'../TEMPDIR
+/sessions'});
    
    # access data
    $session->param($email);
    
    # expiration
    $session->expire('+1M'); 

    # bake a cookie
    print $session->header("Location: https://xxxx.xxx/dashboard/index
+.cgi");
}
else
{
    my $query = new CGI;
    print $query->redirect('https://xxxx.xxx/LogIn/index.html');
}
[download]

https://xxxx.xxx/dashboard/index.cgi

#!/usr/bin/perl

use warnings;
use CGI::Session '-ip_match';

$session = CGI::Session->load();

print "Content-type: text/html\r\n\r\n";

print qq|

# all the html stuffs here
<a href='cgi-bin/logout.cgi'>Log out</a>

|;
[download]

https://xxxx.xxx/dashboard/cgi-bin/logout.cgi

#/usr/bin/perl

use warnings;
use CGI::Session;

print $session->header("Location: https://xxxx.xxx/index.html");

$session->clear(["email"]);

$session->delete();
[download]

P.S. I'm quite new at backend web development. Without using any Content Management System(CMS), am I doing things right?

P.P.S. I'm not trying to create a porn site here.

Comment on CGI::Session cookie won't delete Select or Download Code

Replies are listed 'Best First'.
Re: CGI::Session cookie won't delete by hippo (Archbishop) on Mar 21, 2019 at 10:24 UTC
You have not declared `$session` in logout.cgi. strict would have caught that - always use strict! Also, always read the error log as the warnings which would also alert you to this bug will be in there.	[reply] [d/l]
Re^2: CGI::Session cookie won't delete by underTheRadar (Acolyte) on Mar 22, 2019 at 08:28 UTC
Here's the updated code: `#!/usr/bin/perl use warnings; use CGI::Session '-ip_match'; use CGI; my $session = CGI::Session->load(); $session->delete(); $session->flush(); my $url = "https://xxxx.xxx"; print "Location: $url \n\n";` [download] And it's still not working 2019-03-31 Athanasius changed <h1> to <h3>	[reply] [d/l]
Re^3: CGI::Session cookie won't delete by hippo (Archbishop) on Mar 22, 2019 at 09:23 UTC
And you still haven't used strict. Why is that? Just because you fix one bug it does not mean that your code is now bug-free nor does it mean that your algorithm has been correctly coded. You said: The problem is, I can't remove the cookie using $session->delete() and $session->flush() when I try to log out. How do you expect either of those methods to delete a cookie from the jar when you are printing the response headers by hand? That's not going to happen. Either look in the code and/or the documentation and determine how you can delete a cookie using the module methods or else do it yourself in the headers if that's the way you prefer. Or alternatively, just don't worry that a browser still has a cookie for a now-deleted session because it's not like they can do anything with it. Either way, at least you are now deleting the session which you were not before.	[reply]
Re^3: CGI::Session cookie won't delete (cgi101) by Anonymous Monk on Mar 22, 2019 at 11:39 UTC
This is cgi101 its even covered in CGI::Session docs and examples Re: reg access of stored session variable Re: cookie problem (cgi101) Re: delete cookie (cgi101) `web from mobile is a pita`	[reply] [d/l]
Re: CGI::Session cookie won't delete by rizzo (Curate) on Mar 21, 2019 at 08:37 UTC
Did you try to call `$session->flush()` after `$session->delete()` as recommended in the docs?	[reply] [d/l] [select]

And it's still not working