PerlMonks  

Re: CGI::Session keeps re-using same session ID

by sundialsvc4 (Monsignor)
on May 02, 2012 at 11:44 UTC ( #968431 )


in reply to CGI::Session keeps re-using same session ID

In addition to the admonition, “do not do a thing already done,” session handling code normally does not rely particularly on the browser to keep or not-keep the cookie. Instead, it deletes the database-record corresponding to that cookie value. The user is considered to be “logged on” only if the cookie in some way corresponds to a database record that exists and that says the user is logged on. Even if the same session-ID cookie somehow keeps coming up again and again, what matters is what is happening on the host.


Re^2: CGI::Session keeps re-using same session ID
by alain_desilets (Beadle) on May 02, 2012 at 12:28 UTC
    I understand that you should not rely solely on the presence or absence of a cookie to decide if the user is logged on or not. I was just providing a small sample code to illustrate the fact that I am unable to save a new session ID cookie to the browser. I'm astonished at how difficult sessions are to get working, even for an experienced Perl programmer like me.

      I'm astonished at how difficult sessions are to get working, even for an experienced Perl programmer like me.

      I'm not :) HTTP is complicated enough, and then you have to deal with implementation details of CGI.pm and CGI::Sessions.pm

      CGI::Session->new will try to load a session first, and only create a new session if it fails to load one

      The thing is, since in CGI protocol, cookies are retrieved via $ENV{HTTP_COOKIES}, if there is a cookie set, CGI::Session will always load an existing session, because CGI.pm (or CGI::Cookies.pm) will always read $ENV{HTTP_COOKIES}

      Hopefully you have read Basic cookie management (May 01) by now,

      but here is how you fix your program without changing the program flow,

      you delete the session if you can load it, then you create a new one

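      if ($action eq 'login') {
          # Load the session the browser's cookie points at and delete its server-side record
          $session = CGI::Session->load( "driver:File", undef, $dsn_args );
          eval { $session->delete; $session->flush; };
          # With the old record gone, new() has nothing to load and generates a fresh ID
          $session = CGI::Session->new( "driver:File", undef, $dsn_args )
              or die CGI::Session->errstr;
      }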

        It worked! Thx a million!

        Is it me, or is the documentation for CGI::Session severely misleading? It clearly says:

        new( DSN, SID, HASHREF )
        
            Requires three arguments. First is the Data Source Name, second should be the session id to be initialized or an object which provides either of 'param()' or 'cookie()' methods. If Data Source Name is undef, it will fall back to default values, which are "driver:File;serializer:Default;id:MD5".
        
            If session id is missing, ***it will force the library to generate a new session id***, which will be accessible through id() method.
        
        But obviously, it doesn't.
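
The behaviour discussed in this thread, as an added example that is not code from any of the posts: a plain `new()` re-loads the session named by the cookie, the delete-then-`new()` fix issues a different ID at login, and the old ID stops loading once its server-side record is gone. The `handle_request` helper, the temporary session directory and the simulated `HTTP_COOKIE` value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Session;
use File::Temp qw(tempdir);

# Constructed setup: throwaway session directory, default cookie name CGISESSID.
my $dsn      = "driver:File";
my $dsn_args = { Directory => tempdir( CLEANUP => 1 ) };

# Simulate one CGI request. $cookie_sid is the session ID the browser sends
# back (undef on a first visit). Returns the session ID in use afterwards.
sub handle_request {
    my ( $cookie_sid, $action ) = @_;
    local $ENV{REQUEST_METHOD} = 'GET';
    local $ENV{HTTP_COOKIE}    = defined $cookie_sid ? "CGISESSID=$cookie_sid" : '';

    my $session;
    if ( $action eq 'login' ) {
        # The thread's fix: remove the server-side record first, so that
        # new() cannot re-load it from the cookie and must issue a new ID.
        $session = CGI::Session->load( $dsn, undef, $dsn_args );
        eval { $session->delete; $session->flush; };
        $session = CGI::Session->new( $dsn, undef, $dsn_args )
            or die CGI::Session->errstr;
        $session->param( logged_in => 1 );
    }
    else {
        # Plain new(): loads the session named by the cookie if it exists.
        $session = CGI::Session->new( $dsn, undef, $dsn_args )
            or die CGI::Session->errstr;
    }
    $session->flush;
    return $session->id;
}

my $first  = handle_request( undef,  'view' );     # first visit, no cookie
my $second = handle_request( $first, 'view' );     # cookie sent back
my $login  = handle_request( $first, 'login' );    # same cookie, login action

# Replay both IDs directly against the store, as the host would see them.
my $stale_ok = !CGI::Session->load( $dsn, $first, $dsn_args )->is_empty;
my $is_auth  = CGI::Session->load( $dsn, $login, $dsn_args )->param('logged_in');

printf "plain new() reused cookie ID:  %s\n", $second eq $first ? 'yes' : 'no';
printf "login issued a different ID:   %s\n", $login ne $first  ? 'yes' : 'no';
printf "old ID still loads on server:  %s\n", $stale_ok         ? 'yes' : 'no';
printf "new ID marked logged in:       %s\n", $is_auth          ? 'yes' : 'no';
```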
