CGI cookie problem

qadwjoh has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing a script to authenticate a user on initial log in and have this authentication last for 10 minutes (during which it will be passed between scripts) so as to avoid repeated calls to an Exchange server.

I'm creating a session file to store the authentication details and I want to keep the session ID in a cookie, so it can be reloaded each time.

I've got the following...

# load CGI information
$cgi = new CGI;
 
# load session (from cookie) or create new one if not found 
if ($session = new CGI::Session(undef, $cgi, {Directory=>$SESSION_DIR}
+)) {
   # expire after 10 minutes
   $session->expire('+10m');
       
   # set cookie
   $cookie = $cgi->cookie(-name    => "CGISESSID",
                      -value   => $session->id,
              -expires => '+1h',
                  -secure  => 1);
   print $cgi->header(-cookie=>$cookie);

   # print opening HTML
   print $HTML_OPEN;

   if (defined $session->param('authentication')) {
      # user is authorised - allow access to site
      print "Welcome back"; # D

      ...
   } else {
      # authorise user
      if (&authorise_user) {
     print "Welcome";
     # set user info in session file
     &log_state($session, 'authentication', 'passed')
      } else {
         print "You are not welcome";
      }
   }
[download]

But it won't create a cookie on my machine.

Any ideas?

A

Comment on CGI cookie problem Download Code

Replies are listed 'Best First'.
Re: CGI cookie problem by matija (Priest) on Mar 04, 2004 at 15:18 UTC
Running this from the command line, I see what looks like a correct cookie being printed: `Set-Cookie: CGISESSID=1a0d5dbd88aafd8d35e41b93f72a16b0; path=/; expire +s=Thu, 04-Mar-2004 16:10:51 GMT; secure Date: Thu, 04 Mar 2004 15:11:12 GMT Content-Type: text/html; charset=ISO-8859-1` [download] Are you, by any chance, blocking cookies in your browser? If you have mozilla, install the live http headers extension. It should help you see exactly what headers the site is sending you, and determine if the cookie is or isn't present. If you're using IE, I don't know how to help you, although I see that google showed some adverts for tools that appear like they might be useful when I searched for "live http headers".	[reply] [d/l]
Re: Re: CGI cookie problem by qadwjoh (Scribe) on Mar 04, 2004 at 15:32 UTC
Thats what I though aswell, but I looked in my cookies folder and saw other cookies being set by other sites... A	[reply]
Re: Re: Re: CGI cookie problem by qadwjoh (Scribe) on Mar 04, 2004 at 16:05 UTC
I've figured out what the problem is, but not how to fix it... The cookie is set if I access the site by the URL http://mymachine.mydomain.mycompany.com, but not when I access it by http://sitename. I've tried setting the domain in the cookie to 'mymachine' and also 'mydomain.mycompany.com' and 'mymachine.mydomain.mycompany.com' but to no avail... How do I set a cookie for users who don't want to specify the entire URL? A	[reply]
Re: Re: Re: Re: CGI cookie problem by little (Curate) on Mar 05, 2004 at 13:04 UTC