cranberry13 has asked for the wisdom of the Perl Monks concerning the following question:

Dearest Monks,
My deepest apologies for bothering you again -- I hope this is my last question on CGI sessions.

I have spent another two hours trying to figure this out ... I could spend some more time but I'm going to throw something soon if I don't figure this out.

I've looked at a lot of examples ... most of them do the following:

  • 1. create a new session and cookie object
  • 2. store some info into the cookie
  • 3. flush the session and cookies
  • 4. retrieve the info from the cookie and print it to the screen.

    These examples frustrate me so much -- why would anyone be interested in retrieving the cookie info that they just set??!!?

    Which leads me to my question.

    In every other script after the person logs in (login.pl) I check whether the user is logged in. I create the session object and try to retrieve the userid (which I previously stored). If the userid is empty, then the person is not logged in (right?). If the userid exists, it's a flag that the person is logged in and I go ahead and retrieve sensitive info from my DB and display it to the screen.

    Here is the code for when the user logs in (sets the user id cookie and sessionid):

        ## step 1. take the username and password from the form
        ## step 2. query the mysql db and check to see whether the password is good for the username
        ## Now create session id and set cookies .....
        $cgi = new CGI;
        $session = new CGI::Session("driver:DB_File",undef,{Directory=>'/tmp'});
        $sid=$session->id();
        $session->param("userid",$newuserid);
        $cookie=$cgi->cookie(CGISESSID=>$session->id);
        print $cgi->header(-cookie=>$cookie);
        $cookieuserid=$session->param("userid");
        ## now we can display anything to them because they just logged in

    And here is the code in a procedure that I call at the beginning of every script in my cgi-bin (excluding login.pl) that checks to see whether the user is logged in. The userid is the flag that determines whether they're logged in or not.

        sub CheckIfUserIsLoggedIn {
            use CGI::Session;
            my ($sid,$session,$userid);
            $cgi=new CGI;
            $sid=$cgi->cookie("CGISESSID")||undef;
            $session = new CGI::Session("driver:DB_File",undef,{Directory=>'/tmp'});
            $userid = $session->param("userid");
            if ($userid eq "") {
                print "Content-type: text/html\n\n";
                print "You are not logged in!!\n\n";
                exit;
            } else {
                ## display whatever I want to this user
            }
        }

    What am I doing wrong? The statement "You're not logged in" keeps appearing. <sigh> You guys are great <sniff>

    Re: one last question about CGi session
    by dragonchild (Archbishop) on Jul 15, 2004 at 12:07 UTC
      You need to pass the $sid to the CGI::Session->new() call in your CheckIfUserIsLoggedIn() function as the second parameter. Did you actually read the documentation for CGI::Session? (Click on the link if you haven't.)

      Also - you will probably want to read merlyn's column on the topic of sessions. Your method isn't very secure.

      ------
      We are the carpenters and bricklayers of the Information Age.

      Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

      I shouldn't have to say this, but any code, unless otherwise stated, is untested

        Dear Dragonchild,
        Hey! it works now :) Thanks for the reference to Merlyn's column. Great stuff.

        Thanks for getting me through this bottleneck -- Now I can go on to the good stuff!!

        ps. Of course I read (and reread about a thousand times) the tutorial. The window is still up on my screen and I keep referring back to the code.
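
The fix from dragonchild's reply applied to the check routine, as an added example that is not code from the thread or from the CGI::Session documentation. The helper name `logged_in_userid`, the 32-hex-digit format check (which assumes the default MD5 id generator) and the id comparison are additions made here; the DSN and directory are the ones from the question.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Same DSN and driver arguments as login.pl in the question.
my $DSN  = "driver:DB_File";
my %ARGS = (Directory => '/tmp');

# Hypothetical helper: returns the stored userid, or nothing when the
# request carries no usable session.
sub logged_in_userid {
    my ($cgi) = @_;

    # Session id the browser sent back in the cookie set at login.
    my $sid = $cgi->cookie("CGISESSID");
    return unless defined $sid;

    # Assumption: ids come from the default MD5 generator (32 hex digits).
    # Reject anything else before it reaches the storage driver.
    return unless $sid =~ /\A[0-9a-f]{32}\z/;

    # The fix: pass the claimed id as the second parameter. With undef
    # here, every request gets a brand-new, empty session.
    my $session = CGI::Session->new($DSN, $sid, {%ARGS}) or return;

    # An unknown or expired id makes new() return a fresh session with a
    # different id; discard it instead of leaving an empty record behind.
    if ($session->id ne $sid) {
        $session->delete;
        return;
    }

    my $userid = $session->param("userid");
    return $userid if defined $userid && length $userid;
    return;
}

my $cgi    = CGI->new;
my $userid = logged_in_userid($cgi);
print $cgi->header(-type => 'text/html');
if (defined $userid) {
    print "Logged in as user ", $cgi->escapeHTML($userid), "\n";
} else {
    print "You are not logged in!!\n";
}
```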