Dearest Monks,
My deepest apologies for bothering you again -- I hope this is my last question on CGI sessions.

I have spent another two hours trying to figure this out ... i could spend some more time but I'm going to throw something soon if I don't figure this out.

I've looked at a lot of examples ... most of them do the following:

  • 1. create a new session and cookie object
  • 2. store some info into the cookie
  • 3. flush the session and cookies
  • 4. retrieve the info from the cookie and print it to the screen.

    These examples frusturate me so much -- why would anyone be interested in retrieving the cookie info that they just set??!!?

    Which leads me to my question.

    In every other script after the person logs in (login.pl) I check whether the user is logged in. I create the session object and try to retrieve the userid (which I previously stored). If the userid is empty, then the person is not logged in (right?). If the userid exists, it's a flag that the person is logged in and I have go ahead and retrieve sensitive info from the my DB and display it to the screen.

    Here is the code for when the user logs in (sets the user id cookie and sessionid): 

    ## step 1. take the username and password from the form
## step 2. query the mysql db and check to see whether the password  i
+s good for the username
## Now create session id and set cookies .....

                $cgi = new CGI;
                $session = new CGI::Session("driver:DB_File",undef,{Di
+rectory=>'/tmp'});
                $sid=$session->id();
                $session->param("userid",$newuserid);
                $cookie=$cgi->cookie(CGISESSID=>$session->id);
                print $cgi->header(-cookie=>$cookie);
                $cookieuserid=$session->param("userid");
## now we can display anything to them because they just logged in

    [download]

    And here is the code in a procedure that i call at the beginning of every script in my cgi-bin (excluding login.pl) that checks to see whether the user is logged in. The userid is the flag that determines whether they're logged in or not. 

    sub CheckIfUserIsLoggedIn
{

use CGI::Session;
my ($sid,$session,$userid);

$cgi=new CGI;
$sid=$cgi->cookie("CGISESSID")||undef;
$session = new CGI::Session("driver:DB_File",undef,{Directory=>'/tmp'}
+);
$userid = $session->param("userid");

if ($userid eq "")
{
print "Content-type: text/html\n\n";
print "You are not logged in!!\n\n";
exit;
}
else
{
## display whatever I want to this user
}
}

    [download]

    What am i doing wrong? The statement "You're not logged in" keeps appearing. <sigh> You guys are great <sniff>

    In reply to one last question about CGi session by cranberry13

    Title:
    Use:  <p> text here (a paragraph) </p>
    and:  <code> code here </code>
    to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.