Re: Re: Loging a user out with CGI and Cookies?

Trimbach, you may be half right. But it is possible to accomplish this without a two-step process.

First, the browser can indeed handle the cookie header and the "Location: ..." header line in the same server response. The Location line must come last and it must end with two new-lines.

But I can find no indication in my quick re-visiting of the docs that the CGI redirect function allows the specification of a cookie along with the redirect. (Update: but see the following response by athomason.) And the CGI pod says don't print a header along with a redirect.

So I accomplish this manually:

  print "Set-Cookie: $usr=x;expires=-1d\n";
  print "Location: http://mypage.com/my_login.html\n\n";
[download]

There may be a gotcha here but I haven't run into it.

BTW, are you sure that $in{usr} and $usr have the same value? That would, of course, be crucial to what you are trying to do.

Comment on Re: Re: Loging a user out with CGI and Cookies? Select or Download Code

Replies are listed 'Best First'.
Re: Re: Re: Loging a user out with CGI and Cookies? by athomason (Curate) on Apr 16, 2001 at 05:53 UTC
As dvergin points out, browsers are perfectly capable of handling cookies sent with redirects. Fortunately, CGI.pm also supports it, though you have to dig a bit to be sure. The CGI pod indeed does not mention such a procedure, but it is supported. Browsing the code of the `redirect` sub in CGI.pm you can see: #### Method: redirect # Return a Location: style header # #### 'redirect' => <<'END_OF_FUNC', sub redirect { my($self,@p) = self_or_default(@_); my($url,$target,$cookie,$nph,@other) = $self->rearrange([[LOCATION +,URI,URL],TARGET,COOKIE,NPH],@p); $url = $url \|\| $self->self_url; my(@o); foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); } unshift(@o, '-Status'=>'302 Moved', '-Location'=>$url, '-nph'=>$nph); unshift(@o,'-Target'=>$target) if $target; unshift(@o,'-Cookie'=>$cookie) if $cookie; unshift(@o,'-Type'=>''); return $self->header(@o); } [download] Note in particular the `-Cookie` bit. And nicely enough, this actually works as intended. I've used bits like the following successfully: `$cookie = cookie( -name => $COOKIE_NAME, -value => $session_key, -expires => $COOKIE_EXPIRE, -path => $SCRIPT_PATH, -domain => $SCRIPT_DOMAIN, -secure => 0 ); ... print redirect( -uri => 'view.cgi', -cookie => $cookie );` [download] I admit I'm not sure why OP's bit fails. r.jospeh, take a look at the cookie files for the site you're connecting to in order to make sure they're correct. Offhand, I'd suspect (like dvergin) a difference in `$in{usr}` and `$usr` is the problem. If not, you could set up a dirty HTTP server (with HTTP::Daemon, for instance) to see what's going on with your logout cookie.	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: Re: Loging a user out with CGI and Cookies?
by athomason (Curate) on Apr 16, 2001 at 05:53 UTC

dvergin

redirect

#### Method: redirect
# Return a Location: style header
#
####
'redirect' => <<'END_OF_FUNC',
sub redirect {
    my($self,@p) = self_or_default(@_);
    my($url,$target,$cookie,$nph,@other) = $self->rearrange([[LOCATION
+,URI,URL],TARGET,COOKIE,NPH],@p);
    $url = $url || $self->self_url;
    my(@o);
    foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
    unshift(@o,
         '-Status'=>'302 Moved',
         '-Location'=>$url,
         '-nph'=>$nph);
    unshift(@o,'-Target'=>$target) if $target;
    unshift(@o,'-Cookie'=>$cookie) if $cookie;
    unshift(@o,'-Type'=>'');
    return $self->header(@o);
}
[download]

Note in particular the -Cookie bit. And nicely enough, this actually works as intended. I've used bits like the following successfully:

$cookie = cookie(
  -name    => $COOKIE_NAME,
  -value   => $session_key,
  -expires => $COOKIE_EXPIRE,
  -path    => $SCRIPT_PATH,
  -domain  => $SCRIPT_DOMAIN,
  -secure  => 0
  );

...

print redirect( -uri => 'view.cgi', -cookie => $cookie );
[download]

I admit I'm not sure why OP's bit fails. r.jospeh, take a look at the cookie files for the site you're connecting to in order to make sure they're correct. Offhand, I'd suspect (like dvergin) a difference in $in{usr} and $usr is the problem. If not, you could set up a dirty HTTP server (with HTTP::Daemon, for instance) to see what's going on with your logout cookie.

[reply]
[d/l]
[select]