Re: Using CGI::Session for authentication

You need to 1. make sure that C::S is using the session ID to pull the previous session for a given user, and 2. make sure that the session ID is getting output to the user.

You can do 1. in two ways:

Pass your CGI instance to C::S in the constructor. It'll do its best to look for a cookie or param with the proper name.
You can pull the cookie or param from CGI with the session ID and pass that in.

As far as 2., your best bet is to always, no matter what, print your header as including a cookie containing the CGISESSID (or whatever you've decided to name it).

Of course, this will bomb miserably for users sans cookies. Be aware of this and consider testing for cookie usage and/or appending the ID to URLs and form variables (a PITA IMO).

Comment on Re: Using CGI::Session for authentication

Replies are listed 'Best First'.
Re^2: Using CGI::Session for authentication by rjsaulakh (Beadle) on Jun 24, 2005 at 09:56 UTC
rlucas i am too working with the same CGI::Session but i find myself no where as far as you say that your best bet is to always, no matter what, print your header as including a cookie containing the CGISESSID (or whatever you've decided to name it). i have reached sucess still this point i am able to print the cookie which i am sending to the user but the problem is that on subsequest pages when i try running the same script it creates a new session rather than intiallizing the existing one . i would like to add that i am not able to fetch the cookie i dont know whether my understanding is wrong or my handling of the code is wrong . my code is almost similar to the one posted with this node kidly guide	[reply]
Re^3: Using CGI::Session for authentication by rlucas (Scribe) on Jun 24, 2005 at 21:53 UTC
You need to find out exactly what is happening. I recommend that you begin a fresh session with cookies cleared from browser and browser set to ask you for each cookie. Also, use file-based Data::Dumper serialization (for transparency in observing file contents) in CGI::Session and clear out the session directory. (Clean initial condition) Finally, make sure to write the received cookie info to the error log so that you can tell when your app either sets (via browser asking you) or receives (via server error log) a cookie. Then, go to the app and observe the cookie that is set and the file that is created. Go again to the app, verify that the cookie that was set is indeed sent back, and processed properly. Verify that the same cookie gets set again with identical session ID value. The answer for you will be found wherever this breaks down. Good luck.	[reply]
Re^2: Using CGI::Session for authentication by thekestrel (Friar) on Jun 28, 2005 at 16:51 UTC
rlucas, Thanks for your advice, I have it all working now with the cookie method. I haven't implemented the idea of putting the session ID in the URL yet if cookies aren't enabled, but its on the list. =) Regards Paul.	[reply]
Re^3: Using CGI::Session for authentication by serotta1958 (Novice) on Aug 07, 2011 at 15:36 UTC
Kestrel, your example calls a file called login.html. I am kind of a rookie and it would be very helpful if you could add that file to the post.	[reply]
Re^4: Using CGI::Session for authentication by Anonymous Monk on Aug 07, 2011 at 16:25 UTC
Hi Whatever the actual contents of that html file, the only important bits, are the form CGI, contains example forms in the docs and examples See also Tutorials: Web Programming: CGI Programming CGI Programming 101 Ovid's CGI Course See also http://www.cgi-app.org, http://www.catalystframework.org/, http://mojolicio.us/ For future reference, when posting replies, you should consider the age of the question :) thekestrel, whom you asked a question, hasn't been here in 2 years. The node to which you replied is 6 years old.	[reply]