|go ahead... be a heretic|
Concern with CGI::Sessionby Anonymous Monk
|on Jun 14, 2005 at 06:20 UTC||Need Help??|
Anonymous Monk has asked for the
wisdom of the Perl Monks concerning the following question:
When speaking of of a user session management, a lot of people referred me to CGI::Session.
I started learning it the other day and now just confused as hell on what I'm supposed to do with this situation I'm in. I'm not sure if its just me or CGI::Session is not intended for sites that require authentication of their users.
From the CGI::Session::Tutorial doc:
The above syntax will first try to initialize an existing session data, if it fails ( if the session doesn't exist ) creates a new session: just what we want. But what if the user doesn't support cookies? In that case we would need to append the session id to all the urls as a query string, and look for them in addition to cookie:
Notice how it says if it fails to initialize an existing session data from $sid, then it creates a new session. What if we don't want it to create a new session automatically? Doesn't that defeat the whole purpose of a "members" area page that requires you to initialize a valid session?