The problem occurs when a user's session expires. They are sent back to "index.html" through "Location: index.html\n\n" in the HTTP header. The address bar still reports the location as being the referring page, however. So, when the user attempts to return to that script, (s)he is presented with the login prompt again. When the user reenters his/her information, they can once again freely navigate the site. Another interesting event is that if the user navigates "Back" from the second (erroneous) login prompt, and then attempts to visit the link again, they proceed. Below is the validation section of all the pages in the member's area.

    if (verify_password($username, $password)) {
        # write new HTTP session
        my $session = new CGI::Session(undef, undef, {Directory=>"/tmp"});
        # initialize session variables (expiry, etc)
        $session->param("~logged-in", 1);          # set logged in flag
        $session->param("username", $username);    # write username in session
        $session->expires("~logged-in", "+5m");    # set 5 minute expiration
        # write sid to client cookie
        $cookie = $cgi->cookie(CGISESSID => $session->id);
        print $cgi->header(-cookie=>$cookie);
        print_success();
        exit;
    } else {
        print_failure();
        exit;
    }
Below this code is all preprocessing for the page to be printed. The header that I print before the HTML is simply a "Content-type: text/html\n\n", because I don't want to write another cookie, nor do I need to. Thanks in advance for the help.

    #!/usr/bin/perl -wT
    use CGI;
    use CGI::Session;
    use CGI::Session qw/-ip-match/;
    use DBI;

    my $cgi = new CGI;
    my $session;
    my $anon = sub { $session->delete(); print "Location: /fwm/index.html\n\n"; exit(0); };
    my $sid = $cgi->cookie("CGISESSID") || undef;
    $session = new CGI::Session(undef, $sid, {Directory=>'/tmp'});
    &$anon unless $session->param("~logged-in");   # expired session
    $session->param("~logged-in", 1);              # refresh session
In reply to CGI::Session Expiration Woes by amt
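One way to write the members-area gate so that an expired login produces a browser-visible redirect, as an added example that is not part of the original post. It assumes CGI::Session 4.x with its default 32-hex-digit session ids, and that the unchanged address bar comes from the web server handling `Location: /fwm/index.html` as a CGI local redirect (RFC 3875, section 6.2.2); `https://www.example.com` is a placeholder host, and `require_login` and `deny` are hypothetical names.

```perl
#!/usr/bin/perl -wT
# Added example, not the poster's code. Assumes CGI.pm and CGI::Session 4.x.
use strict;
use CGI;
use CGI::Session;

# Placeholder host: an absolute URL makes the server emit a real 302, so the
# browser itself requests the login page and the address bar changes.
my $LOGIN_URL = 'https://www.example.com/fwm/index.html';
my %STORE     = (Directory => '/tmp');

# Hypothetical helper: drop server-side state, expire the cookie, redirect.
sub deny {
    my ($cgi, $session) = @_;
    if ($session && !$session->is_empty) {
        $session->delete;
        $session->flush;    # remove the session file now, not at object destruction
    }
    my $gone = $cgi->cookie(-name => 'CGISESSID', -value => '', -expires => '-1d');
    print $cgi->redirect(-uri => $LOGIN_URL, -cookie => $gone);
    exit 0;
}

# Hypothetical helper: return a logged-in session or never return.
sub require_login {
    my ($cgi) = @_;
    # Accept only well-formed ids (assumed default md5 generator: 32 hex chars);
    # the capture also untaints the value under -T.
    my ($sid) = ($cgi->cookie('CGISESSID') || '') =~ /\A([0-9a-f]{32})\z/;
    deny($cgi) unless defined $sid;

    # load() never creates a session, so an unknown or expired id comes back
    # empty instead of as a fresh session under a new id.
    my $session = CGI::Session->load(undef, $sid, \%STORE)
        or die CGI::Session->errstr;
    deny($cgi, $session) if $session->is_empty;
    deny($cgi, $session) unless $session->param('~logged-in');

    $session->expire('~logged-in', '+5m');    # sliding 5 minute window
    return $session;
}

my $cgi     = CGI->new;
my $session = require_login($cgi);
print $cgi->header(-type => 'text/html');
print '<p>Logged in as ', $cgi->escapeHTML($session->param('username')), "</p>\n";
```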