in reply to Re^2: CGI::Session - non-stop session creation problem
in thread CGI::Session - non-stop session creation problem

I take it you didn't like my previous solution. I'm not entirely sure why.

my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (is_logged_in()) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
}

[download]
What still is not clear to me is how you determine whether someone is logged in or not. If that is just by the existance of the "main" cookie, then "is_logged_in()" is simply the existance of $sid: 
my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (defined $sid) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
}

[download]
Of course, in the code that logs in, you'll need to create a new session at that time, so you have a sid to put into the main cookie. But I don't think that's the problem you're having (yet).

Replies are listed 'Best First'.
Re^4: CGI::Session - non-stop session creation problem
by Stenyj (Beadle) on Apr 07, 2005 at 04:52 UTC
    It wasn't that I didn't like your previous solution, it was more a matter of it sounding more complicated them I'm prepared to handle and may not even have enough control of the webserve I'm hosted on to implement it.

    I was using the existence of the cookie as the method of determining whether or not the user is logged in.
    I've decided this is not adequate, as it's possible that there's a cookie in place but no session to match it (ie. if the session expires before the cookie does, or something of that sort).

    So, what I'm really looking to do (and I'm amazed that this isn't a simple solution, but perhaps it's because I'm using sessions in a messed up manner compared to how they're suppose to be used) is to see if there's a session with the SID stored in the cookie that's active.
    If there is, then grab data from session.
    If there isn't, do NOT create session.

    When I use this code:
    my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (defined $sid) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
}

    [download]

    if anything is contained in the 'main' cookie (which there shouldn't be if it's set at the same time the session is, and they both have the same expire time... but sometimes the cookie still seems to stay active longer) then it creates a session... even if what's in the 'main' cookie is NOT a SID for the session.

    I just realized that my session expiration time is longer then my session expiration time, so I'll match them (they're both set at the same time, in the same script) which should theoretically eliminate this problem.

    I just assumed that there would be a simple way to simply test for the existence of a specific session, without forcing a new one to be created if the specific one that was tested for didn't exist.

    Thx for all the feedback guys! I really appreciate it.


    Stenyj
[reply]
[d/l]

      Ok, I think I know what you mean now. You want something like this (doesn't work because CGI::Session doesn't support it): 

      $session = CGI::Session->new(undef, $sid, {Directory=>'C:/apache/sessi
+ons',NoCreateIfNotExists=>1});

      [download]
      I'm not entirely clear on the architecture of CGI::Session, but that may need to go into the DSN instead. Anyway, once you tell it not to autocreate new sessions, the code would have to change to honour it.

      Another alternative, which I just stumbled upon. Which you may not like for similar reasons as before. I suspect this is how the author of CGI::Session envisions doing what you ask for: 

      my $sid = $foo->cookie('main') || undef;
my $session; # = undef
if (defined $sid) {
  $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s
+essions'});
  $session->delete() if $session->is_new();
}

      [download]
      When you get the session, you can check if it's a new session or not. If it is, you can delete it. From what I can tell reading the code, this won't hit your hard disk at all. And the fact that the is_new sub is there at all says to me that this is the author's idea of solving this very problem.

[reply]
[d/l]
[select]
        One can't call delete on a session that was never saved (flushed), as discussed in this thread. Follow the link for a working solution.
[reply]
        That appears to be exactly what I'm looking for.
        Will test it shortly, and see how it goes.

        Thx for all the help!
[reply]

In Section Seekers of Perl Wisdom