O Monks,

I have a fairly large and fairly mature open-source CGI app https://github.com/bcrowell/spotter , which I recently converted to using CGI::Application::Plugin::Authentication for logins, since my old login code was buggy. This basically works great, except that it doesn't work in Google Chrome. Strangely enough, it does work in the version of Chromium that is packaged for Ubuntu, even though I would think it was essentially the same codebase as Chrome. The problem seems to be that although my login cookie is being set properly in all other browsers, in Chrome it doesn't get set. The following is what I got by cutting my app down to a minimal example of the difference in behavior:

Bug.cgi: 

#!/usr/bin/perl
use strict;
use WebInterface;
WebInterface->new()->run();

[download]
WebInterface.pm: 
#!/usr/bin/perl

use strict;

package WebInterface;
use base 'CGI::Application';
use CGI::Session;
use CGI::Application::Plugin::Authentication;

use CGI;

WebInterface->authen->config(
  STORE => ['Cookie',
        NAME   => 'login',
        SECRET => 'not really so secret',
        EXPIRY => '1d',
    ],
);

sub setup {
  my $self = shift;
  $self->start_mode('my_run_mode');
  $self->run_modes([qw/
   my_run_mode
  /]);
  $self->mode_param('my_run_mode');
}

sub my_run_mode {
  my $self = shift;
  $self->authen->logout();
  CGI::Session->new();
  return '';
}

1;

[download]
This minimal example is obviously not functional, or even particularly logical (it only logs you out, not in), but it demonstrates the difference in behavior between browsers. If I run it in Chromium, a cookie named "login" shows up. If I run it in Chrome, no cookie shows up. (You can see this in Tools:Developer Tools:Resources:Cookies.) For anyone who wants to try running it, I have it installed here: http://www.lightandmatter.com/cgi-bin/Bug.cgi . You should see that in Firefox, IE, or Chromium, the cookie gets set, but in Chrome it doesn't.

Can anyone suggest what's going on?

Normally I would expect that if a cookie was not getting set, the problem would be that either it wasn't being set with the correct domain, or the expiration date was not in the future. Here the expiration date is being set in the future, and I assume that CGI::Application::Plugin::Authentication bakes it with the correct domain (else it wouldn't work in any browser).

Any thoughts would be much appreciated.

-Ben

In reply to CGI::Application::Plugin::Authentication not working on Google Chrome by bcrowell2

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.