Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^5: Problems getting session management to work: is_expired seems to lie to me (cookies)

by Anonymous Monk
on May 06, 2013 at 23:37 UTC ( [id://1032414]=note: print w/replies, xml ) Need Help??


in reply to Re^4: Problems getting session management to work: is_expired seems to lie to me (basic)
in thread Problems getting session management to work: is_expired seems to lie to me

:D

the cookie expires , so the browser doesn't send the cookie, so there is no sessionid

the problem with your code, you're branching on cnt, not on cookie -- cnt having true value doesn't mean there is cookie (browser already expired it, not sent)

if you add ;CGISESSID=46f86ba31e44829feae6755e5695eca4 to the end of cnt url you'll get both is_expired and is_empty

basic debugging checklist works :)

Replies are listed 'Best First'.
Re^6: Problems getting session management to work: is_expired seems to lie to me (cookies)
by ted.byers (Monk) on May 07, 2013 at 00:13 UTC

    Actually, I just tried that, and it told me that the session has not expired but the session is empty. $cnt has a value only on second and subsequent access to the page. if it is not defined, then I know I haven't accessed the page yet, and so there is no session until I create it in the second part of conditional block. All other accesses ought to have a session object, either a valid one or one that has expired. If the cookie is expired in the browser, then how can the server get the session ID and use that to determine whether or not the session has expired? If the cookie is expired, and thus not sent by the browser, the server can not use ID to determine whether or not the session has expired, let alone attempt to access its data, and this would imply that instead of using is_expired, one must check for the existance of the CGISESSID cookie; and this is what I would have done had the documentation indicated that the only way to determine whether or not the session has expired is to check that cookie. And, in fact, if there is no session cookie, why does function load not return NULL, since it would have no way to know what session data to try to load? I have not looked at checking the cookies, but will, but if your explanation is correct, then the documentation would seem to be misleading.

    Thanks

    Ted

      WOW, that is like logic puzzles -- are you running on caffeine?

      Add something like  print $query->escapeHTML( scalar Dumper( $query, $session ) ) after each start_html

      start fresh browser session,

      1. visit one page,
      2. in another tab visit same page,
      3. then click the count link in another tab,
      4. click it again in another tab,
      5. wait 10 seconds (which you use for expire for testing), then click open count in another tab again
      6. then copy/paste ;CGISESSID=... and append to a url and open in another tab

      compare each dumper to one another and you'll see
      no cookie on 1st tab,
      cookie on 2nd tab, same cookie on 3rd and 4th tab,
      no cookie on 5th tab
      no cookie on 6th tab

      Many trip over cgi/cookies/sessions :) Basic cookie management (May 01) , Cookie login (pseudocode), PRG...

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1032414]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others scrutinizing the Monastery: (5)
As of 2024-03-19 11:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found