in reply to CGI::Session Handling

Do I have to pass the cookie and session variables as headers to each page? This doesn't seem right as it should be kept on disk or in memory until expiration.
"Which disk" and "which memory?" The act of saving a cookie does write the SID to disk -- the client's disk. Checking, on every page load, if the cookie exists, and if it does, setting the SID to that value, recreates the session.

If the cookie doesn't exist, a new SID will get created. That is normal behavior, since, as far as your program is concerned, it has never seen that session before.

All that said, I've had problems with CGI-Session as well, but only when using the ODBC driver. I eventually ended up using just a file and things worked just well.

Re^2: CGI::Session Handling
by intranetman (Acolyte) on Sep 22, 2004 at 20:35 UTC
    That makes sense. To rehash for my own understanding, the cookie should technically exist on the client's disk. However, I need to check for it at each page I want to restrict access to. When it finds the cookie it then creates a new session with the old parameters.

    My next question is how do I retrieve those old values, since technically it could be looking for any CGISESSID that has been loaded. In other words, is it imperative that I pass CGISESSID to/between each html/cgi document that the client visits? I am using the following (updated) code to store and retrieve cookies:

    sub setCookie($) {
        my($session) = @_;
        my $q = new CGI;
        $sid = $session->id();
        $cookie = $q->cookie(-name => "CGISESSID", -value => $sid, -expires => '+1h', -path => '/tmp/Sessions');
        print $q->header(-cookie=>$cookie);
    }

    sub retrieveSession() {
        $query = new CGI;
        $sid = $query->cookie("CGISESSID") || undef;
        $session = new CGI::Session(undef, $sid, {Directory=>'/tmp/Sessions'});
        $sid = $session->id();
        $session = getUser($sid);
        print $session->param("log_name");
        return $session;
    }

    sub getUser($) {
        my ($sid) = @_;
        $select = "SELECT username, password FROM Employees WHERE session_id = '$sid'";
        $get_it = $db->prepare($select);
        $get_it->errstr, "\n";
        $rv = $get_it->execute() or die "Couldn't execute query '$select' \n";
        $get_it->bind_columns(undef, \$username, \$password);
        $get_it->fetchrow_arrayref();
        $session->param(-name=>"log_name", -value=>$username);
        $session->param(-name=>"log_password", -value=>$password);
        return $session;
    }

    Even though I have a cookie stored on disk that I can see, the getUser and retrieveSession functions are not working properly. I would think that I wouldn't need to append cgisess_ to the beginning of the session id like cgisess_a983c8302e7a678a2e53c65e8bd3316 because it should take care of this automatically? Any other ideas? Thanks once again for helping out!
      That makes sense. To rehash for my own understanding, the cookie should technically exist on the client's disk. However, I need to check for it at each page I want to restrict access to. When it finds the cookie it then creates a new session with the old parameters.
      You are mostly correct, except for the last part. When a cookie is found, a new session is not created... instead, the old session is recreated.

      The old session is recreated with the help of the cookie. The cgi method for cookie essentially retrieves the cookie if it exists, and SID is set to that value. If the cookie doesn't exist, a new cookie gets created (using MD5), and SID is set to that.

      I don't have my scripts with me that I used to create a successful app, but here is my advice. Start small. Ditch your home-rolled MySQL driver for now, and just use the File option in the CGI-Session module. Use the cookbook recipe for creating a members-only area. Once that is working, then apply your MySQL driver. That way you will know where the problem lies. Always solve one variable at a time. Too many unknowns always spell doom for the programmer.

      Good luck.

        Thanks for the advice. I'll let you know how it turns out!!
      Sorry, that cgisess_a983c8302e7a678a2e53c65e8bd3316 value is the session being stored, not the cookie. The cookie does not work...and I'm so hungry...(the directory has the correct read/write permissions as well)!! AHHH!
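
The cookie-to-session round trip discussed in this thread, as an added example that is not part of any post above: the browser holds only the session id, and the File driver restores the stored parameters on every request. The directory, the `visits` parameter and the helper names are assumptions; note that `-path` on the cookie is a URL prefix, whereas the posted setCookie passes the storage directory there.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumes CGI.pm and CGI::Session
# are installed and that $SESSION_DIR is writable by the web server user.
use strict;
use warnings;
use CGI;
use CGI::Session;

my $SESSION_DIR = '/tmp/Sessions';   # server-side storage (assumption)

# Return the session for this request. If the browser sent a CGISESSID cookie
# that matches a stored session, that session is restored with its parameters;
# otherwise CGI::Session creates a new one with a fresh id.
sub retrieve_session {
    my ($q) = @_;
    my $sid = $q->cookie('CGISESSID') || undef;
    my $session = CGI::Session->new('driver:File', $sid,
                                    { Directory => $SESSION_DIR })
        or die "Could not open session\n";
    $session->expire('+1h');         # server-side expiry, same as the cookie
    return $session;
}

# Build the response header carrying the session cookie. -path is the URL
# prefix for which the browser returns the cookie, not a filesystem path.
sub session_header {
    my ($q, $session) = @_;
    my $cookie = $q->cookie(
        -name    => 'CGISESSID',
        -value   => $session->id,
        -expires => '+1h',
        -path    => '/',
    );
    return $q->header(-type => 'text/plain', -cookie => $cookie);
}

my $q       = CGI->new;
my $session = retrieve_session($q);

# The counter lives in the session file; the client never sees it directly.
my $visits = ($session->param('visits') || 0) + 1;
$session->param('visits', $visits);
$session->flush;                     # write the session file now

print session_header($q, $session);
print "This session has made $visits request(s)\n";
```

Reloading the page with the cookie present increments the counter; clearing the cookie starts a new session at 1, which matches the behaviour described in the first answer.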