Re^2: session file umask

I tried the '/' path, and I'm getting the same results.

This web app is for an internal intranet site, so I didn't bother with securing the login page or any subsequent pages. ...I'm not changing the domain, either.

I'd thought about the DB, but eliminated that idea for the very reasons you mentioned...plus for an internal site, the added security wasn't important enough for the overhead. Not to mention, I didn't want to go through the extra effort of setting up and learning postgresql on this server ;)

Comment on Re^2: session file umask

Replies are listed 'Best First'.
Re^3: session file umask by scorpio17 (Canon) on Jan 13, 2009 at 20:45 UTC
If a simple (working) demo would be useful, some time back I wrote a tutorial showing how to create a basic login page: A Beginners Guide to CGI::Application If you want file-based sessions, change this part of Login.pm: `CGI_SESSION_OPTIONS => [ "driver:mysql;serializer:Storable;id:md5", $self->query, {Handle => $self->dbh}, ],` [download] To this: `CGI_SESSION_OPTIONS => [ "driver:File", $self->query, {Directory => "/tmp/sessions"}, ],` [download] Then, assuming your web server runs as 'nobody', do this: `mkdir /tmp/sessions chown nobody:nobody /tmp/sessions cmod 755 /tmp/sessions` [download] One final gotcha - make sure you've got all the same versions of all your modules being used on both servers. I try to install on my modules locally, then I can just tar up the modules directory and copy it to a new server, and be sure that I'm running the exact same (noncore) stuff everywhere.	[reply] [d/l] [select]
Re^4: session file umask by ksublondie (Friar) on Jan 13, 2009 at 21:31 UTC
I guess I should have posted my code from the start. Please forgive me of my transgression. `sub cgiapp_init { my $self = shift; $self->error_mode('error_runmode'); $CGI::Session::IP_MATCH = 1; $self->session_config( CGI_SESSION_OPTIONS => [ "driver:File", $self->que +ry, { Directory => $CONFIG{sessiondir} } ], COOKIE_PARAMS => { -name => 'FNBINTRANET', -path => '/', -secure => 1, -httponly => 1, }, SEND_COOKIE => 1, ); }` [download] I've checked all the relevant modules and the only difference was that the working original server was using older modules and the new server was using the latest & greatest on everything. I've updated the original server modules and nothing broke, but the new server is still not working... The original server IS using db for the sessions. I copied the exact same code over, installed the necessary modules, setup my session dir, and modified the code above to use files instead of db...was there a step I forgot?	[reply] [d/l]
Re^4: session file umask by ksublondie (Friar) on Jan 14, 2009 at 18:54 UTC
GOT IT! I commented out the COOKIE_PARAMS & SEND_COOKIE lines and now it works! I have no idea why, but at this point, I don't care cause it works... Thanks guys for the help!	[reply]