Hi all,
I'm trying to build a login-system based on CGI::Session.
I have the registration, login and logout running so far but I currently have an issue that a session seems to get deleted after about 10 seconds or so automatically.
I tried using something like $session->expire('+1h'); to force a session expiration date but this does not seem to work.
My code so far:
Navi.pm (this module basically prints the navigation on my website, html-meta-tags, CSS and so on).
This module is included in all my files:
Relevant code:
Navi::print_navi function:
print $cgi->header(-cache_control=>"no-cache, no-store, must-revalid
+ate"), # create the HTTP header
$cgi->start_html(-title=>"$title",
-author=>'webmaster at digioso.org',
-meta=>{long list of meta information here.........,
-style=>{'src'=>'http://www.digioso.org/style.css'});
+# start the HTML
Navi::end_navi function basically prints some stuff and then finally ends with print $cgi->end_html;
Now for the code that directly affects the login:
login.pl : That file creates a new session and logs the user in. If successful redirects to index.pl
#!/usr/bin/perl -w
use warnings;
use strict;
use CGI;
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
use Digest::MD5 qw(md5_base64);
use CGI::Session;
use lib "<path to my libraries on that server>";
use Navi;
use DB;
my $cgi = CGI->new();
my $dbh = DB::connect_db();
my $usr = $cgi->param('usr');
my $pwd = $cgi->param('pwd');
if($usr ne '')
{
my $encrpass = md5_base64($pwd);
my $sql = qq{SELECT id FROM consystem_users WHERE username=? and p
+assword=?};
my $sth = $dbh->prepare($sql)
or die $dbh->errstr;
$sth->execute($usr, $encrpass)
or die $sth->errstr;
my $userid = $sth->fetchrow_array;
if($userid != "")
{
my $session = new CGI::Session();
$session->param("uid", $userid);
$session->expire('+1h');
print $session->header(-location=>'index.pl');
}
else
{
Navi::print_navi(": digioso :"); # Print Navigation
print qq{<div id="category">[ LOGIN ]</div>};
print "Username or password wrong !<br/><a href='login.pl?acti
+on=login'>Try again.</a>";
Navi->end_navi();
}
}
elsif($cgi->param('action') eq 'logout')
{
my $session = CGI::Session->load() or die CGI::Session->errstr;
$session->delete();
print $session->header(-location=>'login.pl');
}
elsif($cgi->param('action') ne 'login' && $usr eq "")
{
Navi::print_navi(": digioso :"); # Print Navigation
print "<br/><br/>Please input username and password !";
print_login();
}
else
{
Navi::print_navi(": digioso :"); # Print Navigation
print_login();
}
sub print_login()
{
print qq{<br/><br/><form method="post"><table>
<tr><td>Username:</td><td><input type="text" name="usr"></td><
+/tr>
<tr><td>Password:</td><td><input type="password" name="pwd" ma
+xlength="30"></td></tr></table><br/>
<input type="submit" value="Submit">
</form>
<br/>You don't have an account? Create one <a href="register.p
+l">here</a>.};
Navi->end_navi();
}
DB::close_db();
exit 0;
index.pl: Currently doesn't really have any content.
#!/usr/bin/perl -w
use warnings;
use strict;
use lib "<path to my libraries on that server>";
use CGI;
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
use login_check;
use Navi;
my $cgi = CGI->new();
my $uid = login_check($cgi, ": Digiosos Con-System :");
if($uid > 0)
{
print qq{ $uid <a href="test.pl">Test</a>};
Navi->end_navi();
}
exit 0;
Index.pl includes the login_check module. Since my login-system has more than one file I don't want to have the same code in each of them.
login_check.pm: This module checks (or at least it's supposed to do... That's my whole problem...) whether a user has a valid session or not. If yes, the login_check function returns the userid stored in $session->param("uid"). If not it returns -1 .
My problem is that $session->is_empty returns true after being idle for about 10 seconds. As long as I click around everything's fine, but leaving it idle deletes my session.
#!/usr/bin/perl -w
use warnings;
use strict;
use lib "<path to my libraries on that server>";
use Navi;
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
use CGI::Session;
sub login_check($$)
{
my $cgi = shift;
my $title = shift;
my $session = CGI::Session->load();
Navi::print_navi("$title", 1); # Print Navigation
if($session->is_expired)
{
print qq{<div id="category">[ LOGIN ]</div>};
print "Your has session expired. Please login again.";
print "<br/><a href='login.pl>Login</a>";
Navi->end_navi();
return -1;
}
elsif($session->is_empty)
{
print qq{<div id="category">[ LOGIN ]</div>};
print "You have not logged in.<br/><a href='login.pl'>Login</a
+> ";
Navi->end_navi();
return -1
}
else
{
print qq{<div id="category">[ CON-SYSTEM ]</div>};
print "<a href='index.pl'>Index-Page</a> <a href='changepw.pl'
+>Change Password</a> <a href='login.pl?action=logout'>Logout</a><br/>
+<br/>";
return $session->param("uid");
}
}
1;
Thanks in advance. :)