CGI::Application::Session Cookies confusion

kerindar has asked for the wisdom of the Perl Monks concerning the following question:

I'm having trouble getting a CGI::Application::Session cookie to be persistent. In other words, once the browser is closed the cookie is lost. Which is understandable because that's how cookies work, but I want to create one that is persistent and is used later if the user wants Automated logins. If I try to set the parameters such that the cookie has an expiration date, then every page I visit that is encapsulated within the same cookie/login returns me to login as if the cookie parameter for being logged in was cleared or if the cookie all together is being cleared. I'm using a combination of HTML::Template, CGI::Application, and CGI::Application::Session for a database program that I've developed. All run mode programs inherit from a parent that does a prerun to determine if the 'program' should route to the login page. If I do

my $self = shift;
my $q = $self->query();
my $session = $self->session;
[download]

then when the user logs in, and I check the parameters from the log in form, compare them to the database, and set the session parameter login to true, everything works. Except, once they close their browser and come back later they have to log in again. This works perfectly like I expect, so then I go further to see if I can get automated logins to work ... If I try to create a cookie with a specific time then I end up with the user constantly logging in for every mode/page they try to visit - am I writing this incorrectly?

my $self = shift;

my $q = $self->query();
my $sid = $q->cookie("CGISESSID") || undef;
$self->session_config
(
   CGI_SESSION_OPTIONS => [ "driver:File", $q, {Directory=>'/tmp'} ],

   COOKIE_PARAMS       => {
                                   -expires => '+1M',
                                   -secure  => 1,
                                 },
          SEND_COOKIE         => 1,
   );

my $session = $self->session;
[download]

I figure I probably need to do some kind of cookie comparison or something? I don't know when/where/how to do this if this is the case. If I am being vague and we need more information of what I am doing I'll gladly write more. I just hope this is a good starting point.

Comment on CGI::Application::Session Cookies confusion Select or Download Code

Replies are listed 'Best First'.
Re: CGI::Application::Session Cookies confusion by punkish (Priest) on Sep 24, 2004 at 18:39 UTC
I'm having trouble getting a CGI::Application::Session cookie to be persistent. In other words, once the browser is closed the cookie is lost. If you don't specify an expiration date, the cookie will be lost once all the windows of that browser is closed. You don't need to manually compare the cookie. The CGI-Session does it for you. But you do have to propagate the session id from request to request, otherwise the application has no way of knowing which/who/what to look for. Look at the cookbook manual for CGI-Session where a simple "members only area" example details this very clearly.	[reply]
Re^2: CGI::Application::Session Cookies confusion by kerindar (Initiate) on Sep 24, 2004 at 22:40 UTC
I'm having trouble getting a CGI::Application::Session cookie to be persistent. In other words, once the browser is closed the cookie is lost. If you don't specify an expiration date, the cookie will be lost once all the windows of that browser is closed. ... Which is understandable because that's how cookies work, but I want to create one that is persistent and is used later if the user wants Automated logins. You don't need to manually compare the cookie. The CGI::Session does it for you. Ok, I was hoping that comparing the cookie was probably taken care of within CGI ... But you do have to propagate the session id from request to request, otherwise the application has no way of knowing which/who/what to look for. In the readme of CGI::Application::Session, it states that the first time that $self->session is accessed it "add(s) a cookie to the outgoing headers containing the session ID". It is in the section right under the session_cookie description. Doesn't this mean that I don't have to propagate that information if between HTML::Template and CGI::Application the cookie propagation is being handled in the header once I call $self->session? Therefore, if CGI::Session handles the comparison, and if CGI::Application::Session handles propogation, and if all I need to do is add a expiration date to the cookie, why doesn't my second code snippet work for handling automated logins between browser opens/closes? `my $self = shift; my $q = $self->query(); my $sid = $q->cookie("CGISESSID") \|\| undef; $self->session_config ( CGI_SESSION_OPTIONS => [ "driver:File", $q, {Directory=>'/tmp'} ], COOKIE_PARAMS => { -expires => '+1M', -secure => 1, }, SEND_COOKIE => 1, ); my $session = $self->session;` [download]	[reply] [d/l]
Re^3: CGI::Application::Session Cookies confusion by saberworks (Curate) on Sep 25, 2004 at 01:19 UTC
Have you gotten yourself a browser that lets you look at the cookies being set and whether they're being set right? I'm not familiar with CGI::Session but it sounds like your cookie is being reset each time and you need to figure out why that's happening. Check out opera or firefox, both of which allow you to easily view cookies, even the temporary ones.	[reply]