dariusj has asked for the wisdom of the Perl Monks concerning the following question:

I'm programming a website with authentication using CGI::Session. Everything seems to go well on the authentication page, though when it moves on to the next page the page doesn't seem to be recognising that a session is open...! frustrating to say the least...

I'm following this tutorial on cpan - this is how I'm initialising the session:

$session = new CGI::Session(undef, undef, {Directory=>'./tmp'}) or die
+ CGI::Session->errstr;

[download]
After that I have an if-else clause, with the cgi acting accordingly to what the user clicked on: 
my $action = $cgi->param("submit");

if($action eq "Sign in") { #If user signing in
  $cookie = $tools->sign_in($cgi,$dbh,$session);
  if($cookie eq "0") { #Login failed
    print $cgi->header;
    print $cgi->start_html(-title=>"Home Page");
    print "Login failed";
    $session->delete;
    $logged = 0;
  }
  else { #Login successful
    print $cgi->header(-cookie=>$cookie);
    print $cgi->start_html(-title=>"Home Page");
    print "Welcome ".$session->param("user_name");
    print $cgi->start_multipart_form(-method=>'post',
                 -action=>'main.pl',
                 -name=>'sign_out');
    print $cgi->submit(-name=>'submit',-value=>'Sign out');
    print $cgi->end_form;
    $session->expire('+30m');
    $logged = 1;
  }
}
else {
  print $cgi->header;
  print $cgi->start_html(-title=>"Home Page");
}

[download]
The sign_in method returns 0 if authentication was unsuccessful, and a cookie otherwise and creates a sign_out button.

The session expires in 30 mins and is present in the file is present in the right directory.

Once the user is signed in, he can select a radio button and open another page - here I always get an empty session!

This is the next page's session initialisation, and is pretty much straight from the tutorial:

my $session = CGI::Session->load or die
CGI::Session->errstr;
print $session->header;
if ($session->is_expired) {
  print $session->header,
    $cgi->start_html,
     $cgi->p("Your session timed out. Click here to start a new sessio
+n."),
   $cgi->end_html;
  exit(0);
}
if($session->is_empty) {
  print $cgi->start_html;
  print "Click here to sign in";
  print $cgi->end_html;
  exit(0);
}

[download]
It always goes to the is_empty clause. Any idea what I'm doing wrong?

Thanks!

Replies are listed 'Best First'.
Re: Perl CGI::Sessions
by vc_will_do (Sexton) on Aug 31, 2007 at 03:39 UTC

    please make sure that your sessions are send to browser by checking $f_name = $session->param('user_name'); In the code for second page, check for if ($session->is_expired) will fail as your session is valid. For some reason session is empty. CGI::Session->load() says that Notice, all expired sessions are empty, but not all empty sessions are expired! So make sure that your session data for user_name is set in browser properly.

    Also, Why are you using CGI object to set cookie when you can do it with $session object itself like  print $session->header();

[reply]
[d/l]
[select]
      Thanks for your reply - it's taken me a while to get back to this code, but I need to get it finished soon!
      As you suggested, I got rid of $cookie altogether, now I'm just using 
      $session->header();
      - however things don't seem to have changed.
      I realise the point you're making regard the CGI::Session->load(), in fact the sessions aren't passed at all, they aren't expired, but empty!
      I tried $session->param('user_name'), but get no result. I think my code's not finding the CGISESSID server-side file that is being created. I tried 
      $session = CGI::Session->load(undef, undef, {Directory=>'./tmp'}) or die CGI::Session->errstr();
      (i.e. using the CGI::Session->new parameters with load, to try and point it to the correct directory), but this doesn't seem to find the files either.
      Can anyone see something wrong in my code? I hope it's clear what I've done... otherwise just ask - would seriously appreciate any help!
      Thanks!
[reply]
Re: Perl CGI::Sessions
by deMize (Monk) on Jun 25, 2010 at 00:32 UTC
    Comment: This was never answered, so I'm curious if anyone is still interested, or if it has been solved. I'd like to know what was wrong :-\

    I'd give advice that was given earlier to me by moritz, make sure to flush the session, so that it's stored to disk properly: $session->flush();

    Otherwise I'd want to see more code.

    Demize
[reply]
[d/l]
      life saving advice!!!

      always use $session->flush()

      !!!!

      sometimes the redirection to the new page happens before session saves things to disk!

      I guess when the cgi script exits the session file is saved to disk, but redirecting to the new page happens before the script exits...

      thanks moritz and deMize

      bliako

[reply]
      Comment: This was never answered, so I'm curious if anyone is still interested, or if it has been solved. I'd like to know what was wrong :-\

      The OP hasn't been here in over a year ... the one person who answered hasn't been here in over a year ... you've been here a little over a year :) ... the OP only provided a fragment ... see Re^3: CGI::Session - expiry

[reply]
        Yeah, I know it was old, but I come back to these questions time and again. It's nice to have a solution in the actual post, rather than many posts asking the same question and only one answer embedded in one of them.

        Thank you, anonymonk for replying though :)

        Demize
[reply]
Re: Perl CGI::Sessions
by deMize (Monk) on Jun 25, 2010 at 14:47 UTC
    Comment: This was never answered, so I'm curious if anyone is still interested, or if it has been solved. I'd like to know what was wrong :-\

    I'd give advice that was given earlier to me, make sure to flush the session, so that it's stored to disk properly: $session->flush();

    Otherwise I'd want to see more code.

    Demize
[reply]
[d/l]
      I don't know why this is a duplicate post - I just edited the other one to give the proper credit to moritz, please don't downvote this.
[reply]

Back to Seekers of Perl Wisdom