Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: CGI::Session - non-stop session creation problem

by Miguel (Friar)
on Apr 07, 2005 at 01:44 UTC ( #445509=note: print w/replies, xml ) Need Help??

in reply to CGI::Session - non-stop session creation problem

If I understand your question, you could do:

1. A user enters your website;
2. Check if $session->param("name") exists; IF exists is a privileged user ELSE is a visitor;
3. If is a visitor create a (normal) session variable and store a cookie;
4. If visitor logs in, you need to add a session variable, like, for example:

$session->param("name", $cgi->param("name"));
and the visitor 'upgrades' to 'privileged user'.

Replies are listed 'Best First'.
Re^2: CGI::Session - non-stop session creation problem
by Stenyj (Beadle) on Apr 07, 2005 at 02:51 UTC
    That's basically what I want to do, but what I can't figure out is how to initiate $session without it creating a new one if it doesn't exist.
    my $sid = $foo->cookie('main') || undef; my $session = new CGI::Session(undef, $sid, {Directory=>'c:/apache/ses +sions'}); if ($session->param("alias")) { .... #grab data from session }

    That is creating the session if one with the sid stored in the cookie 'main' doesn't exist...
    Is there a way to simply attempt to grab a session, and if it doesn't exists, leave $session null?

      I take it you didn't like my previous solution. I'm not entirely sure why.

      my $sid = $foo->cookie('main') || undef; my $session; # = undef if (is_logged_in()) { $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s +essions'}); }
      What still is not clear to me is how you determine whether someone is logged in or not. If that is just by the existance of the "main" cookie, then "is_logged_in()" is simply the existance of $sid:
      my $sid = $foo->cookie('main') || undef; my $session; # = undef if (defined $sid) { $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s +essions'}); }
      Of course, in the code that logs in, you'll need to create a new session at that time, so you have a sid to put into the main cookie. But I don't think that's the problem you're having (yet).

        It wasn't that I didn't like your previous solution, it was more a matter of it sounding more complicated them I'm prepared to handle and may not even have enough control of the webserve I'm hosted on to implement it.

        I was using the existence of the cookie as the method of determining whether or not the user is logged in.
        I've decided this is not adequate, as it's possible that there's a cookie in place but no session to match it (ie. if the session expires before the cookie does, or something of that sort).

        So, what I'm really looking to do (and I'm amazed that this isn't a simple solution, but perhaps it's because I'm using sessions in a messed up manner compared to how they're suppose to be used) is to see if there's a session with the SID stored in the cookie that's active.
        If there is, then grab data from session.
        If there isn't, do NOT create session.

        When I use this code:
        my $sid = $foo->cookie('main') || undef; my $session; # = undef if (defined $sid) { $session = CGI::Session->new(undef, $sid, {Directory => 'c:/apache/s +essions'}); }

        if anything is contained in the 'main' cookie (which there shouldn't be if it's set at the same time the session is, and they both have the same expire time... but sometimes the cookie still seems to stay active longer) then it creates a session... even if what's in the 'main' cookie is NOT a SID for the session.

        I just realized that my session expiration time is longer then my session expiration time, so I'll match them (they're both set at the same time, in the same script) which should theoretically eliminate this problem.

        I just assumed that there would be a simple way to simply test for the existence of a specific session, without forcing a new one to be created if the specific one that was tested for didn't exist.

        Thx for all the feedback guys! I really appreciate it.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://445509]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2018-03-18 14:36 GMT
Find Nodes?
    Voting Booth?
    When I think of a mole I think of:

    Results (230 votes). Check out past polls.