in reply to Re: CGI::Session Handling
in thread CGI::Session Handling

That makes sense. To rehash for my own understanding the cookie should technically exist on the client's disk. However, I need to check for it at each page I want to restrict access too. When it finds the cookie it then creates a new session with the old parameters.

My next questions is how do I retrieve those old values since technically it could be looking for any CGISESSID that has been loaded. In other words, is it imperative that I pass CGISESSID to/between each html/cgi document that the client visits? I am using the following (updated) code to store and retrieve cookies: 

sub setCookie($) {
   my($session) = @_;
   my $q = new CGI;
   $sid = $session->id();
   $cookie = $q->cookie(-name => "CGISESSID",
                        -value => $sid,
                        -expires => '+1h',
            -path => '/tmp/Sessions');
   print $q->header(-cookie=>$cookie);
}

sub retrieveSession() {
    $query = new CGI;
    $sid = $query->cookie("CGISESSID") || undef;
    $session = new CGI::Session(undef, $sid, {Directory=>'/tmp/Session
+s'});
    $sid = $session->id();
    $session = getUser($sid);    
    print $session->param("log_name");
    return $session;
}

sub getUser($) {
   my ($sid) = @_;
   $select = "SELECT username, password FROM Employees WHERE session_i
+d = '$sid'";
   $get_it = $db->prepare($select);
   $get_it->errstr, "\n";
   $rv = $get_it->execute() or die "Couldn't execute query '$select' \
+n";
   $get_it->bind_columns(undef, \$username, \$password); 
   $get_it->fetchrow_arrayref();   
   $session->param(-name=>"log_name", -value=>$username); $session->pa
+ram(-name=>"log_password", -value=>$password);   
   return $session;
}

[download]
Even though I have a cookie stored on disk that I can see the getUser and retrieveSession functions are not working properly. I would think that I wouldn't need to append cgisess_ to the beginning of the session id like cgisess_a983c8302e7a678a2e53c65e8bd3316 because it should take care of this automatically? Any other ideas? Thanks once again for helping out!

Replies are listed 'Best First'.
Re^3: CGI::Session Handling
by punkish (Priest) on Sep 22, 2004 at 22:50 UTC
    That makes sense. To rehash for my own understanding the cookie should technically exist on the client's disk. However, I need to check for it at each page I want to restrict access too. When it finds the cookie it then creates a new session with the old parameters.
    You are mostly correct, except for the last part. When a cookie is found, a new session is not created... instead, the old session is recreated.

    The old session is recreated with the help of the cookie. The cgi method for cookie essentially retrieves the cookie if it exists, and SID is set to that value. If the cookie doesn't exist, a new cookie gets created (using MD5), and SID is set to that.

    I don't have my scripts with me that I used to create a succesful app, but here is my advise. Start small. Ditch your home-rolled MySQL driver for now, and just use the File option in the CGI-Session module. Use the cookbook recipe for creating a members-only area. Once that is working, then apply your MySQL driver. That way you will know where the problem lies. Always solve one variable at a time. Too many unknowns always spell doom for the programmer.

    Good luck.

[reply]
      Thanks for the advice. I'll let you know how it turns out!!
[reply]
Re^3: CGI::Session Handling
by intranetman (Acolyte) on Sep 22, 2004 at 21:38 UTC
    Sorry, that cgisess_a983c8302e7a678a2e53c65e8bd3316 value is the session be stored not the cookie. The cookie does not work...and I'm so hungry...(the directory has the correct read/write permissions as well)!! AHHH!
[reply]

In Section Seekers of Perl Wisdom