Cookie & Session type problem...

meetn2veg has asked for the wisdom of the Perl Monks concerning the following question:

Brief sysnopsis dear Monks...

I'm wirting something far larger than I had imagined but... Admin system where multiple users can administer their own pages (so I don't have to) thru admin GUI.

Have read as much as possible about Cookies and am using CGI::Cookie.

Thought I had the hang of it until I created a "Preview" link for admin users. Window opens no probs (who can screw-up on a simple one-liner of javascript?!?) but the cookies appear to be reset. Upon closing the new window and clicking on another link within the admin system, the User is bugged-out 'cos there are no cookie values!

I'm positive this is considered a "session" issue but can't quite get the hang of it... yet.

As an example, I first noticed the prob when I created a link which opens a new window and displays a photo (or any photo) previously uploaded by the user. The upload program is a seperate file (chmod 777 etc...= with a "Location:http://www.my.com etc" upon successful upload. In this file, there are no $query=>cookie variables, no cookies are checked for their existence, neiher are any cookies set. This works as it should - presumably because it doesn't open a new window(?).

Yet upon opening a new window to get a preview of any photo (or text or whatever) uploaded, something somewhere happens and I get sent to the login page when I click on another link after closing the new window. Hense I'm presuming it to be a session issue. Right or wrong? You tell me.

I'm hoping that, with a gentle nudge in the right direction (although full-blown code would be greatly appreciated), I'll be able to squish this problem and maintain session status across numerous windows - I'm planning on having several "preview" windows for both text and photos and don't really want the user to be spat-out of the admin system every time they want to check on something purely because I haven't got the cookie issue right!

Any help/advice is... you know what - and Yes! I have done searches etc...

Kind regards in advance (also big thanks to those who reply)

Richard
Principality of Andorra (yes - it does exist!)

Comment on Cookie & Session type problem...

Replies are listed 'Best First'.
Re: Cookie & Session type problem... by Happy-the-monk (Canon) on May 16, 2004 at 08:42 UTC
There's little I could guess without the code. But have you tried to use CGI::Session? There's a good tutorial called CGI::Session::Tutorial that could get you where you want. Cheers, Sören	[reply]
Re: Cookie & Session type problem... by andyf (Pilgrim) on May 16, 2004 at 04:49 UTC
Hi Richard, Personally I've never used cookies much before, and I'm prejudiced against them. They are a very good and expedient method of session tracking, espcially with packages like Apache::Session, but I have always chosen to do my own session management. Remember there are 3 ways, rewritten URLs, cookies and hidden feilds. an overview Personally I favour serverside session objects to cookies and using a url rewritten session ID. If you implement this yourself you will have a much clearer understanding of what is gong on and more control. But don't fall into the trap of inventing your own obscured method for generating IDs if you want any kind of security from session hijacks. Just like everyone thinks they can write a cunning new encrytion algorithm they think theres a novel new way to do this, stick with standard methods. So, in a nutshell, if you are prepared to experiment with non-cookie methods I would do that. For one thing it would solve your multiple window problem if you allow a range of valid ID's instead of relying on one cookie value. Best of luck, Andy	[reply]
Re: Cookie & Session type problem... by antirice (Priest) on May 18, 2004 at 14:18 UTC
Are you passing a -expires value to the CGI::Cookie constructor? If not, they usually expire immediately. antirice The first rule of Perl club is - use Perl The ith rule of Perl club is - follow rule i - 1 for i > 1	[reply]