I understand that you should not rely solely on the presence or absence of a cookie to decide if the user is logged on or not.
I was just providing a small sample code to illustrate the fact that I am unable to save a new session ID cookie to the browser.
I'm astonished at how difficult sessions are to get working, even for an experienced Perl programmer like me. | [reply] |
I'm astonished at how difficult sessions are to get working, even for an experienced Perl programmer like me.
I'm not :) HTTP is complicated enough, and then you have to deal with implementation details of CGI.pm and CGI::Sessions.pm
CGI::Session->new will try to load a session first, and only create a new session if it fails to load one
The thing is, since in CGI protocol, cookies are retrieved via $ENV{HTTP_COOKIES}, if there is a cookie set, CGI::Session will always load an existing session, because CGI.pm (or CGI::Cookies.pm) will always read $ENV{HTTP_COOKIES}
Hopefully you have read Basic cookie management (May 01) by now,
but here is how you fix your program without changing the program flow,
you delete the session if you can load it, then you create a new one
if ($action eq 'login') {
$session = CGI::Session->load( "driver:File", undef, $dsn_args );
eval {
$session->delete;
$session->flush;
};
$session = CGI::Session->new( "driver:File", undef, $dsn_args )
or die CGI::Session->errstr;
}
| [reply]
[d/l] |
It worked! Thx a million!
Is it me, or is the documentation for CGI::Session severely misleading? It clearly says:
new( DSN, SID, HASHREF )
Requires three arguments. First is the Data Source Name, second should be the session id to be initialized or an object which provides either of 'param()' or 'cookie()' mehods. If Data Source Name is undef, it will fall back to default values, which are "driver:File;serializer:Default;id:MD5".
If session id is missing, ***it will force the library to generate a new session id***, which will be accessible through id() method.
But obviously, it doesn't. | [reply] |