Howdy Monks.

I have been using CGI::Session to maintain state awareness in a website I've been developing. It works great.

To date, I have been allowing a limited number of users to log into the system without a secure connection. I have now set up SSL, and it was my intention to use it at logon only. I wish to eliminate the vulnerability of someone potentially sniffing out PW information on its way to the server.

Upon sending this sensitive information to the server, the user is authenticated via a CGI. This same CGI also invokes a session object for the user. As is customary, the SID follows the user through the site. Once logged in, the SSL connection is dropped.

I know that some may take issue with this decision. We've taken this approach because we will be sharing large CAD files via this system using a viewing tool called "eDrawings". Quite simply, we want to serve these large files as quickly as possible (via a less secure HTTP connection). We are limiting the lifespan of the session object, and feel (all things considered) this is a reasonable approach.

The problem I have occurs immediately after I transition the user away from the SSL connection. That is, post login I send the user to a CGI via an HTTP connection. The session object has already been invoked as part of the logon process. Unfortunately, the session object is no longer recognized. I'm unclear on what is happening. I'm guessing it has something to do with the session object being invoked via the SSL connection? Is this information also saved in the session object?

Can someone help me to better understand this process? Thank you!


In reply to CGI::Session Question by Perobl
