my $sid = $foo->cookie('main') || undef;
my $session = new CGI::Session(undef, $sid, {Directory=>'c:/apache/ses
+sions'});
if ($session->param("alias")) {
.... #grab data from session
}
[download]

I take it you didn't like my previous solution. I'm not entirely sure why.

my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (is_logged_in()) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
}
[download]

What still is not clear to me is how you determine whether someone is logged in or not. If that is just by the existance of the "main" cookie, then "is_logged_in()" is simply the existance of $sid:

my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (defined $sid) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
}
[download]

Of course, in the code that logs in, you'll need to create a new session at that time, so you have a sid to put into the main cookie. But I don't think that's the problem you're having (yet).

It wasn't that I didn't like your previous solution, it was more a matter of it sounding more complicated them I'm prepared to handle and may not even have enough control of the webserve I'm hosted on to implement it.

I was using the existence of the cookie as the method of determining whether or not the user is logged in.
I've decided this is not adequate, as it's possible that there's a cookie in place but no session to match it (ie. if the session expires before the cookie does, or something of that sort).

So, what I'm really looking to do (and I'm amazed that this isn't a simple solution, but perhaps it's because I'm using sessions in a messed up manner compared to how they're suppose to be used) is to see if there's a session with the SID stored in the cookie that's active.
If there is, then grab data from session.
If there isn't, do NOT create session.

When I use this code:


my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (defined $sid) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
}
[download]


if anything is contained in the 'main' cookie (which there shouldn't be if it's set at the same time the session is, and they both have the same expire time... but sometimes the cookie still seems to stay active longer) then it creates a session... even if what's in the 'main' cookie is NOT a SID for the session.

I just realized that my session expiration time is longer then my session expiration time, so I'll match them (they're both set at the same time, in the same script) which should theoretically eliminate this problem.

I just assumed that there would be a simple way to simply test for the existence of a specific session, without forcing a new one to be created if the specific one that was tested for didn't exist.

Thx for all the feedback guys! I really appreciate it.


Stenyj