http://www.perlmonks.org?node_id=1032410


in reply to Re^2: Problems getting session management to work: is_expired seems to lie to me
in thread Problems getting session management to work: is_expired seems to lie to me

compare your program to my program; my program creates sessions, your program never creates sessions

Basic debugging checklist , brian's Guide to Solving Any Perl Problem, CGI Help Guide , Troubleshooting Perl CGI scripts

Replies are listed 'Best First'.
Re^4: Problems getting session management to work: is_expired seems to lie to me (basic)
by ted.byers (Monk) on May 06, 2013 at 22:44 UTC

    Look again. A new session is created in the second half of the conditional block in my script. A new session is crated only the first time the page is accessed, which I can detect based on whether or not $cnt is defined.

    Thanks

    <Ted

      :D

      the cookie expires , so the browser doesn't send the cookie, so there is no sessionid

      the problem with your code, you're branching on cnt, not on cookie -- cnt having true value doesn't mean there is cookie (browser already expired it, not sent)

      if you add ;CGISESSID=46f86ba31e44829feae6755e5695eca4 to the end of cnt url you'll get both is_expired and is_empty

      basic debugging checklist works :)

        Actually, I just tried that, and it told me that the session has not expired but the session is empty. $cnt has a value only on second and subsequent access to the page. if it is not defined, then I know I haven't accessed the page yet, and so there is no session until I create it in the second part of conditional block. All other accesses ought to have a session object, either a valid one or one that has expired. If the cookie is expired in the browser, then how can the server get the session ID and use that to determine whether or not the session has expired? If the cookie is expired, and thus not sent by the browser, the server can not use ID to determine whether or not the session has expired, let alone attempt to access its data, and this would imply that instead of using is_expired, one must check for the existance of the CGISESSID cookie; and this is what I would have done had the documentation indicated that the only way to determine whether or not the session has expired is to check that cookie. And, in fact, if there is no session cookie, why does function load not return NULL, since it would have no way to know what session data to try to load? I have not looked at checking the cookies, but will, but if your explanation is correct, then the documentation would seem to be misleading.

        Thanks

        Ted