Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi i am trying to implement sessions in my web application. I have been using a number of different web resources including cspan to help me. However i keep stumbling upon errors. The code i am using is shown below 
if($ENV{REQUEST_METHOD} eq 'POST')
{
    $q = new CGI;

    $username = $q->param('user_name');
    $pword = $q->param('pwd');

}

my( $session, $query, $cookie, $name, $cgi);

#Create a new session
$session = new CGI::Session(undef, undef, {Directory=>'./tmp/sessions'
+});

#Allow cgi-session read the cookie at the next request
$cookie = $query->cookie( -name => $session->name,
                          -value => $session->id );
print $query->header( -cookie=>$cookie);

#Store the username in the session
$name = $cgi->param($username);
$session->param($username, $name);

#Check if the username and password match
#Do rest of code

[download]
I keep getting the error "Can't call method "cookie" on an undefined value" I am not sure if the place that i put the session in my code effects how it runs? I have it stored after the params are read in from the form submitted by the user, but before checks are done to validate those params submitted by the user. Can anybody tell me why this is happening, and where I am going wrong. I would greatly appreciate any help!

Replies are listed 'Best First'.
Re: Sessions problems
by dorward (Curate) on Dec 13, 2006 at 10:09 UTC

    I think you mean CPAN rather than CSPAN.

    The first thing to do is:

    use strict;
use warnings;

    [download]

    That will catch a number of issues with your code.

    I keep getting the error "Can't call method "cookie" on an undefined value"

    In the line:

    my( $session, $query, $cookie, $name, $cgi);

    You create a scalar called "$query", but you don't assign a value to it. By the time you use it two (non-blank, non-comment) line later, you still haven't assigned a value to it.

    Judging from the methods you are calling on it, I think you want it to be a CGI object. You create one earlier in the script.

     $q = new CGI;

    So just reuse that instead of creating another one. (Note that you'll need to move the line, otherwise you'll run into problems since it won't be created if the request isn't POST (there would also be scoping issues if you were following the normal practise of using strict/warnings and scoping the variable with my).

    I am not sure if the place that i put the session in my code effects how it runs? I have it stored after the params are read in from the form submitted by the user, but before checks are done to validate those params submitted by the user.

    I wouldn't create the session until I knew the credentials were good. That way, if the session exists then you know you've already checked the credentials and you don't need to check them with every single request.

[reply]
[d/l]
[select]
Re: Sessions problems
by themage (Friar) on Dec 13, 2006 at 10:15 UTC
    Hi,

    The question you should do is: Where am I calling the cookie method? The answer is: 
    $cookie = $query->cookie( -name => $session->name,
                          -value => $session->id );

    [download]
    So, the next question is... Where is the $query variable created? (That I can't answer as it isn't created in the code you submitted.)

    Answer this question, and probably you'll have the solution to you problem.

    Note: use strict; use warnings; are your friends.

    TheMage
    Talking Web
[reply]
[d/l]
[select]
      Thanks for the advice. I have now moved the session creation code to after the validation checking on the params that i am giving to the session. I was already using use strict; and have added use warnings; I have also changed the $query variable to $q so that it has the value $q = new CGI, created earlier as suggested by dorward. So the code reads as 
      if($ENV{REQUEST_METHOD} eq 'POST')
{
    $q = new CGI;

    $username = $q->param('user_name');
    $pword = $q->pword'pwd');

}
#####
validate username and pword
#####


my $cgi;
        #Create a new session
        $session = new CGI::Session("driver:File", undef, {Directory=>
+'./tmp/sessions'});

        #Allow cgi-session read the cookie at the next reques
        $cookie = $q->cookie( -name => $session->name,
                          -value => $session->id );

        print $q->header( -cookie=>$cookie);

        $name = $cgi->param($username);
        $session->param($username, $name);

      [download]
      Should the value for $cgi at: 
              $name = $cgi->param($username);

      [download]
      be $q as well or rather my $cgi = new CGI? Currently i have it defined at the beginning of the script as my $cgi; It is not causing an issue as at the moment i am still getting the error "Can't call method "cookie" on an undefined value at" Again i would really appreciate your help and suggestions with this problem thanks
[reply]
[d/l]
[select]

        I presume you only seting $q when it's a POST request to make sure that users only login with POST, but i think you'll still want to have a my $q = CGI->new() since you may want to, say, set $q->cookie or do a $q->header 'location: http://elsewhere.com/' etc regardless of wether the user has posted the form...

        CGI::param 'foo' will give you back foo from get/post-age, and will play nice and give you an undef if the form wasn't posted or that field wasn't supplied.

        If you're not unconditionally putting something in $q then you can't trust $q to be defined and so you should check that there's something there, every time you want to call something on it. It's only safe to do $q->somestuff() if ref $q ie you can only use methods on $q if it is an object (ie if it's a blessed reference) HTH

        @_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;
[reply]
[d/l]
[select]
        Yes, all the uses of $cgi should be tranformed to $q.

        TheMage
        Talking Web
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom