My site is using CGI::Session and MySQL to handle a member's area. Right now everything works perfectly, except of course the session handling. Whenever a user logs-in a new session id is created and stored in the MySQL user database. Whenever they logout it is destroyed. However, when the user browses to a restricted page after login, I cannot retrieve the Session from the browser. I store the session id in a cookie on the users end 
..
$session->save_param($cgi);              
setCookie($cgi, $session);
..
sub setCookie($) {
   my($cgi, $session) = @_;
   $cookie = $cgi->cookie(CGISESSID=> $session->id);
   print $cgi->header( -cookie=>$cookie);
}

[download]
I attempt to retrieve the session as follows: 
sub retriveSession() {
 my $cgi = new CGI;
 $sid = $cgi->cookie("CGISESSID") || $cgi->param('CGISESSID') || undef
+;
   $session = new CGI::Session(undef, $sid, {Directory=>'/tmp/Sessions
+/'});
   if ((undef($sid)) || (undef($sessions))) {
      print "<li> You are currently not logged. You will now be return
+ed to the login page! </li> \n";
      print qq{<meta HTTP-EQUIV=REFRESH content="1; url=http://www.myu
+rl.com/login.html">};
      exit(0);
   }   
}

[download]
Where CGISESSID should be cache (right? wrong?). Now, I could return the cookie, but that doesn't make sense as it is supposed to be cached or written to the clients disk. So when I login I have a sessionid of say a983c8302e7a678a2e53c65e8bd3316, but when I try to retieve that value with a small script I get a new value 9ccaa7a41f78970bb804b4afa9e8cb4c.

I've read through the CGI::Session, CGI Cookie pages, and perldocs, but nothing. They keep saying that you can retrieve the session parameters using something similar  $session->load_param($cgi, ["fruits"]);, but that presupposes that the session variables is already passed.

Do I have to pass the cookie and session variables as headers to each page? This doesn't seem right as it should be kept on disk or in memory until expiration. My implementation is pretty similar to that in the Tutorial, however, I wrote my own drivers for MySQL. I thought about using CGI::Session:Serialize the process, but this adds another security issue.

I think I've confused myself. Any Perl Wisdom would be helpful, thanks once again!

In reply to CGI::Session Handling by intranetman

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.