Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: CGI::Session keeps re-using same session ID

by sundialsvc4 (Abbot)
on May 02, 2012 at 11:44 UTC ( #968431=note: print w/replies, xml ) Need Help??

in reply to CGI::Session keeps re-using same session ID

In addition to the admonition, “do not do a thing already done,” session handling code normally does not rely particularly on the browser to keep or not-keep the cookie.   Instead, it deletes the database-record corresponding to that cookie value.   The user is considered to be “logged on” only if the cookie in some way corresponds to a database record that exists and that says the user is logged on.   Even if the same session-ID cookie somehow keeps coming up again and again, what matters is what is happening on the host.

  • Comment on Re: CGI::Session keeps re-using same session ID

Replies are listed 'Best First'.
Re^2: CGI::Session keeps re-using same session ID
by alain_desilets (Beadle) on May 02, 2012 at 12:28 UTC
    I understand that you should not rely solely on the presence or absence of a cookie to decide if the user is logged on or not. I was just providing a small sample code to illustrate the fact that I am unable to save a new session ID cookie to the browser. I'm astonished at how difficult sessions are to get working, even for an experienced Perl programmer like me.

      I'm astonished at how difficult sessions are to get working, even for an experienced Perl programmer like me.

      I'm not :) HTTP is complicated enough, and then you have to deal with implementation details of and

      CGI::Session->new will try to load a session first, and only create a new session if it fails to load one

      The thing is, since in CGI protocol, cookies are retrieved via $ENV{HTTP_COOKIES}, if there is a cookie set, CGI::Session will always load an existing session, because (or will always read $ENV{HTTP_COOKIES}

      Hopefully you have read Basic cookie management (May 01) by now,

      but here is how you fix your program without changing the program flow,

      you delete the session if you can load it, then you create a new one

      if ($action eq 'login') { $session = CGI::Session->load( "driver:File", undef, $dsn_args ); eval { $session->delete; $session->flush; }; $session = CGI::Session->new( "driver:File", undef, $dsn_args ) or die CGI::Session->errstr; }

        It worked! Thx a million!

        Is it me, or is the documentation for CGI::Session severely misleading? It clearly says:

        new( DSN, SID, HASHREF )
            Requires three arguments. First is the Data Source Name, second should be the session id to be initialized or an object which provides either of 'param()' or 'cookie()' mehods. If Data Source Name is undef, it will fall back to default values, which are "driver:File;serializer:Default;id:MD5".
            If session id is missing, ***it will force the library to generate a new session id***, which will be accessible through id() method.
        But obviously, it doesn't.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://968431]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (5)
As of 2017-12-11 04:31 GMT
Find Nodes?
    Voting Booth?
    What programming language do you hate the most?

    Results (286 votes). Check out past polls.