comment on

Hello,

Does everyone that comes to the site get a sessionid? Or only people that are logged in?
Depends on your code :-) But in general I think that most session mechanisms give a session to everybody that visits some "dynamic page" (i.e. a CGI script or Apache handler). Mainly because it's easier that way:
```
# somewhere at the start of some handler of CGI script...

my $session  = CGI::Session->new("driver:File", $query, {Directory=>'/
+tmp'});

if (my $user = $session->param('user')) {
   # user is already logged in...
}
elsif (my $user = get_user($query->param('user'),$query->param('passwo
+rd'))) {
   # store newly logged in user in session
   $session->param('user',$user);
}

       
# somewhere else

print $session->header( -some => 'value' );
# instead of $query->header.
[download]
```
Instead of having to check for as session id and a valid username and password combination, and maybe even more request params just to initialize the session object. Besides, sessions can be handy even if a user is not logged in.
You do not want to "check the cookies"; you already have a session - see code example above, just store the valid username or user object in the session when the user logs in, and then you can retrieve the user name/object directly from the session afterwards.
A session id is just some hard to guess string, that can be passed to the user agent (browser) - usually set as a cookies, but sometimes it is part of the URL.
A session id identifies a sepecific session - that is, every visitor gets a unique session, in which the programmer can store data about that visitor.
The session itself is NOT stored in the visitor's browser but on the server (i.e. in a database or file), only the session id is passed to the user.
Good session modules make it hard to guess a session id by generating one from some semi-random function.

Update: s/request/query/g

"What should it profit a man, if he should win a flame war, yet lose his cool?"

In reply to Re: question on program flow and checking for cgi-session by Joost
in thread question on program flow and checking for cgi-session by cranberry13

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.