fireartist has asked for the wisdom of the Perl Monks concerning the following question:

I have the following code to test setting a cookie and retrieving a CGI::Session id() from the cookie.   Each time I click on the link "check it's the same", I get a different session id displayed.   I've checked that the browser's actually receiving a cookie and it is. And the value's different every time.

What am I doing wrong? Thanks.

package ImagesAdmin;
use base 'CGI::Application';
use strict;
use ImagesES::Conf;
use CGI::Session;
use File::Spec;

sub setup {
    my $self = shift;
    my $q = $self->query();

    $self->param('conf' => ImagesES::Conf->new());

    # Open the session, passing the CGI object as the 2nd argument
    $self->param('session' => new CGI::Session(undef, $q,
        {Directory => $self->param('conf')->{'cgi_session_dir'}}));

    $self->param('session')->expire(
        $self->param('conf')->{'admin_session_expire'});

    $self->param('this_url' => $q->url(-absolute=>1));

    # Send the session id back in a cookie named 'sid'
    my $cookie = $q->cookie(-name  => 'sid',
                            -value => $self->param('session')->id(),
                            -path  => $self->param('conf')->{'admin_cookie_path'});
    $self->header_props(-cookie => $cookie);

    $self->start_mode('mainmenu');
    $self->run_modes(
        mainmenu => 'mainmenu',
        logout   => 'logout',
    );
}

sub mainmenu {
    my $self = shift;
    my $q = $self->query();

    my $logout_link = $self->param('this_url') . '?rm=logout';

    my $output = $q->start_html();
    $output .= $q->p( 'your session id is', $self->param('session')->id() );
    $output .= $q->p( $q->a({href=> $self->param('this_url')}, 'check it\'s the same') );
    $output .= $q->p( $q->a({href=> $logout_link}, 'logout'));
    $output .= $q->end_html();

    return $output;
}

sub logout {
    my $self = shift;
    my $q = $self->query();

    # Remove the stored session data
    $self->param('session')->delete();

    my $output = $q->start_html();
    $output .= $q->p('logged out!');
    $output .= $q->p( $q->a({href=> $self->param('this_url')}, 'log in') );
    $output .= $q->end_html();

    return $output;
}

1;

2003-06-14 edit ybiC: <readmore> tags around block of code

Re: CGI::Application CGI::Session problem
by PodMaster (Abbot) on Jun 14, 2003 at 15:14 UTC
    It's because you create a new session upon each invocation and then set the cookie to its id. perldoc CGI::Session

    update: You might wanna take a look at generic-cgi-app, it's based on one of merlyn's articles (just read the source), and demonstrates how to be user friendly when giving away cookies ;)

    update: ah, I see, cheers

    MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
    I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
    ** The third rule of perl club is a statement of fact: pod is sexy.

      I've figured it out!
      It wasn't creating the session files.
      My CGI::Session data directory needed permissions 777 rather than 766.
      My new construct works because I'm passing my CGI object as the 2nd argument, so CGI::Session can find the session id from the cookie itself.
      Also, my cookie name should have been 'CGISESSID' so that CGI::Session could find the value.

      cheers though PodMaster
        A security note (not that I'm an expert or anything, but still):

        777 is much too permissive. You might want to change the owner of the directory to the server's user name (the name the server runs with) or change the group of that dir to some group that the server is a member of, and give it a 77x (something less than 7).
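
The permission advice in the last reply, as an added shell example (not code from the thread): it classifies a session directory's mode as world-writable (777), as lacking the search bit a process needs to create files in a directory (766), or as acceptable, and applies 770 as one choice of "77x". The function names and the optional group argument are assumptions; pass the group your web server actually runs in.

```shell
#!/bin/sh
# Added example, not code from the thread. Modes 777 and 766 are the ones
# discussed above; 770 is one possible "77x".

# Print a path's octal permission bits (GNU stat first, then BSD stat).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# classify_mode MODE prints one verdict:
#   world-writable  "other" has write+search: any local account can add,
#                   replace or delete session files
#   no-search       group or other has write but not search (x), so that
#                   class cannot create files in the directory at all
#   ok              neither of the above
classify_mode() {
    mode=$1
    other=${mode#"${mode%?}"}          # last octal digit
    rest=${mode%?}
    group=${rest#"${rest%?}"}          # second-to-last octal digit
    other=${other:-0} group=${group:-0}
    if [ $(( other & 3 )) -eq 3 ]; then
        echo world-writable
    elif [ $(( group & 3 )) -eq 2 ] || [ $(( other & 3 )) -eq 2 ]; then
        echo no-search
    else
        echo ok
    fi
}

# Verdict for a directory on disk.
audit_session_dir() {
    classify_mode "$(dir_mode "$1")"
}

# harden_session_dir DIR [GROUP]: optionally hand DIR to GROUP (assumption:
# the group your web server runs in), then set 770.
harden_session_dir() {
    [ -d "$1" ] || return 1
    if [ -n "${2:-}" ]; then chgrp "$2" "$1" || return 1; fi
    chmod 770 "$1"
}

# Demo on constructed modes.
for m in 777 766 770; do
    printf '%s %s\n' "$m" "$(classify_mode "$m")"
done
```
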