hesco has asked for the wisdom of the Perl Monks concerning the following question:

OK, unable to sort out the CGI::Session::Auth issues I've encountered in my latest module, I wrote the following script in hopes of breaking down the use of the module, making it plain. But this script is showing the same behavior to me that my complicated module is showing. That is to say, that upon submission of my NextForm, and w/o losing my session cookie, I am returned to the login form. Why is this? What, pray tell, am I missing here?

-- Hugh

#!/usr/bin/perl -w
use strict;
use warnings;
use CGI;
use CGI::Session;
use CGI::Session::Auth;
use CGI::FormBuilder;

my $q = CGI->new();
my $s = CGI::Session->new(undef,$q,{ Directory => '/tmp' });
my $auth = CGI::Session::Auth->new({ CGI => $q, Session => $s });
$auth->authenticate();

my $html;
if($auth->loggedIn){
  $html = showSecretPage($html);
} else {
  $html = showLoginPage();
}

print $s->header;
print $html;
print STDERR "Found end of script.\n";
1;

sub showSecretPage {
  my $html = shift;
  print STDERR "We are now logged in.\n";
  showNextForm($html);
}

sub showLoginPage {
  my $form = CGI::FormBuilder->new(
      name => 'LoginForm',
      method => 'post',
    );
  $form->field( name => 'userid', label => 'UserID' );
  $form->field( name => 'pw', label => 'PassWord', type => 'password' 
+);

  my $html;
  if($form->submitted && $form->validate){
    $html = $form->confirm( header => 0 );
    $html .= showNextForm();
  } else {
    $html = $form->render( header => 0 );
  }
  return $html;
}

sub showNextForm {
  my $form = CGI::FormBuilder->new(
      name => 'NextForm',
      method => 'post',
    );
  $form->field( name => 'name', label => 'Name' );
  $form->field( name => 'age', label => 'Age' );

  my $html;
  if($form->submitted && $form->validate){
    $html .= $form->confirm( header => 0 );
  } else {
    $html .= $form->render( header => 0 );
  }
  return $html;
}

[download]
if( $lal && $lol ) { $life++; }

Replies are listed 'Best First'.
Re: Stumbling through CGI::Session::Auth, what am I missing?
by moritz (Cardinal) on Oct 08, 2008 at 14:40 UTC
    My first idea is to call $s->flush at the end of the script to force session storage.

    Do you see any stored sessions in /tmp/?

[reply]
[d/l]
[select]
      Twenty-seven cgisession_* files in /tmp since this morning's power failure. Adding $s->flush() as indicated here:

      my $html;
if($auth->loggedIn){
  $html = showSecretPage($html);
} else {
  $html = showLoginPage();
}

$s->flush();
print $s->header;
print $html;
print STDERR "Found end of script.\n";
1;

      [download]
      doe not seem to change the outcome. My latest session looks like:

      $D = {'_SESSION_ID' => '95886e9532f65d07af0436e5df67808e','_SESSION_AT
+IME' => 1223482676,'_SESSION_EXPIRE_LIST' => {},'_SESSION_REMOTE_ADDR
+' => '127.0.0.1
','_SESSION_CTIME' => 1223474594};;$D

      [download]
      But except for its creation and updating its access time, I'm not storing any data in this session which should require a ->flush(), if I understand this properly -- which I probably don't or I would be refactoring my old script into my new module instead of poking around on perlmonks, I guess.

      if( $lal && $lol ) { $life++; }
[reply]
[d/l]
[select]
        Did you ever find a solution to this? I am having the exact same issue. All of the data is stored in $auth successfully, but that data isn't making its way into the session (I'm using MySQL to store the data).
[reply]

Back to Seekers of Perl Wisdom