Beefy Boxes and Bandwidth Generously Provided by pair Networks Joe
Just another Perl shrine
 
PerlMonks  

CGI::Application redirect loses cookie

by bradcathey (Prior)
on Jan 06, 2009 at 01:51 UTC ( #734324=perlquestion: print w/ replies, xml ) Need Help??
bradcathey has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monasterians:

Using CGI::Application::Plugin::Session and CGI::Application::Plugin::Redirect I was struggling with a session cookie being rewritten and losing values between trips to the server. Finally another coder pointed me to this piece that states:

Redirection—or any other non standard (200 OK) output page HTTP result —does not allow additional HTTP headers to be added to the request, which effectively means you cannot Redirect and send a cookie on the same request. Instead you have to create an intermediate page contains redirect link in a META tag, or a phyical HREF link the user clicks on to go to the next page. HTML pages and browsers support the META Refresh tag which makes this possible."

Seems kludgy at best, so I was wondering if there is another way to get around this? Here's the scenario:

Submission of | [login.tmpl] form | fires instance script | [login.cgi] | that calls | [Login.pm] | which authenticates user and assigns the user's id to | $self->session->param('user_id' => $user_id) | and then | $self->redirects('admin.cgi'), an instance script which fires | [Admin.pm] | which tries to retrieve | $self->session->param('user_id') | which is undef'ed

So, is there a way to avoid the HTML metatag redirect method and keep it Perlish? Thanks!

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Comment on CGI::Application redirect loses cookie
Download Code
Re: CGI::Application redirect loses cookie
by ww (Bishop) on Jan 06, 2009 at 02:49 UTC
    "Kludgy?!"

    My perspective, coming to perlish ways from an html background, is that using a meta refresh (or, recognizing that some search engines penalize those, using an intermediate page) is an absolutely standard technique, involving minimal muss and fuss.

    Granted that those "If you are not redirected within 5 seconds...." pages can be annoying, a little agita seems bearable if that statement you quote, "effectively means you cannot Redirect and send a cookie on the same request," is fundamentally accurate.

    All that said, I suspect there is a perlish way to do what you're seeking... but I also suspect that that mechanism, if one exists, will be kludgy, hackish, or (worse) utterly unsafe.

      Hmmmm, points well taken. Maybe I'll just have to buck up and go with "kludgy." But you have to admit would be nice if I good just do $self->redirect() :)

      —Brad
      "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
        Perhaps not the answer you were looking for, but maybe you need a framework that supports server side redirects, e.g. with Catalyst your login controller would be able to forward control to the admin controller without going through an HTTP redirection.
Re: CGI::Application redirect loses cookie
by Your Mother (Canon) on Jan 06, 2009 at 04:32 UTC

    Here's a small proof that that "other coder" is no friend of yours.

    use strict; use warnings; use CGI qw(:standard); use URI; my $uri = URI->new( url() ); $uri->query(undef); if ( my $redirect = param("redirect") ) { my $cookie = cookie( -value => $redirect, -name => "nom" ); print redirect( -uri => $uri, -cookie => $cookie, -status => 302 ); } else { my $cookie_value = cookie("nom"); my $cookie = cookie( -value => "cleared", -name => "nom" ); print header(-cookie => $cookie), start_html("Redirection with Cookies and Milk"), h1("OH HAI, I CAN HAZ COOKEE?"), h2("Nom, nom: ", $cookie_value), start_form(), radio_group( -name => "redirect", -value => [ qw( A one two three ) ], ), submit(), end_form(), end_html(); }

    Just verified to work in IE (6), FF, and Safari. :)

Re: CGI::Application redirect loses cookie
by rhesa (Vicar) on Jan 06, 2009 at 04:41 UTC
    I'd pass the session id in the redirect url:
    $self->redirect('admin.cgi?' . $self->session->name . '=' . $self->ses +sion->id);

    Another idea would be to make sure you have already sent the cookie with login.tmpl.

Re: CGI::Application redirect loses cookie
by karavelov (Monk) on Jan 06, 2009 at 11:18 UTC

    I have not experienced such a problem in similar situation. May be the difference is that in my case the user have establishd session (with associated cookie with it) before he posts hist user/pass.

    Couldn't you establish the session when displaing the login form?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://734324]
Approved by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (6)
As of 2014-04-20 16:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (485 votes), past polls