Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

CGI::Session "cache" issue

by Zhris (Initiate)
on May 23, 2011 at 06:31 UTC ( #906243=perlquestion: print w/ replies, xml ) Need Help??
Zhris has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I have been working on an old Perl login script, to make a couple of improvements. I have ran into a couple of problems with CGI::Session.

Upon login, if I use a header redirect to the homepage (a html webpage), then click on the "members zone" link, it will tell me that i'm not logged in. If I then re-click the same link, it will display what I expect, the "members zone" (logged in). This problem does not occur if I header redirect to the "members zone" directly after logging in. Another, I think related issue, the "Members Zone" is located "http://domain.com/Members.pl". I also have the directory "http://domain.com/Members" which contains an index.php file that redirects to "http://domain.com/Members.pl". It will also tell me that i'm not logged in, no matter what i try.

These issues seem to be related to the cache, and that its using the same compiled output of the "members zone" from before logging in. However, upon clearing my cache, then testing, the problem still occured. Why is this problem occurring, and how can I resolve it?

Here are the relevant sections of my code:

Login:

my $session = new CGI::Session(); if ($data{'Param'}{'Referer'}) { $session->param(-name => 'Referer', -value => $data{'Param'}{'Refe +rer'}); } my $referer = $session->param(-name=>'Referer') || $default_referer; # if ($data{'Param'}{'Login'}) { my $statement = "SELECT Client, Email, First_Name, Telephone_Numbe +r FROM $dbtable_Users WHERE (Email='$data{'Param'}{'Email'}' AND Pass +word='$data{'Param'}{'Password'}')"; my $sth = $dbh->prepare($statement); $sth->execute(); if ($sth->rows == 0) { $data{'Login'}{'Fail'} .= 'Wrong email / password combination. + Please retry. If you are having problems logging in, <a href="Contac +t-Us.php">Contact Us</a>. '; } else { while (my @row = $sth->fetchrow_array()) { $data{'Session'} = { 'LoginEpoch' => time, 'Client' => $row[0], 'Email' => $row[1], 'FirstName' => $row[2] }; } $session->param(-name => 'LoggedIn', -value => $data{'Session' +}); $session->expire('LoggedIn', "+10000s"); $session->flush(); print redirect($referer); exit(1); } } elsif ($data{'Param'}{'Logout'}) { $session->clear(['LoggedIn']); $session->flush(); print redirect('http://www.Domain.com/Login.pl?Event=You have logg +ed out'); exit(1); } else { $data{'Login'}{'Begin'} .= q(Please login. If you are having probl +ems logging in, <a href="Contact-Us.php">Contact Us</a>. ); } print $session->header(); #etc

Members Zone:

my $session_data; my $session = load CGI::Session(); if ($session->param(-name=>'LoggedIn')) { $session->expire('LoggedIn', "+10000s"); $session_data = $session->param(-name=>'LoggedIn'); } $session->flush(); #Not logged in unless ($session_data) { print redirect('http://www.Domain.com/Login.pl?Event=You must be l +ogged in to view this page&Referer=http://www.Domain.com/Members.pl') +; exit(1); } #Begin logged in if ($session_data) { print $session->header(); #etc }

Thanks,

Chris

Comment on CGI::Session "cache" issue
Select or Download Code
Re: CGI::Session "cache" issue
by Anonymous Monk on May 23, 2011 at 17:52 UTC
    These issues seem to be related to the cache

    How did you to come to this conclusion?

    Upon casual examination of your code fragment, I notice you're mixing CGI::redirect with CGI::Sessions::header, well that is never going to work, because HTTP header only get sent once.

    You can't have a session without a sid.

    You can only pass a sid through, cookie, url param, or form param.

    Your use of CGI::Session::header suggests you want to use the cookie way, but you don't send any cookies when you use CGI::redirect

    $ perl -MCGI -MCGI::Session -MDDS -le " Dump( CGI::Session->new->heade +r ); " $VAR1 = "Set-Cookie: CGISESSID=7259a9a49c42fea87376be33478731b8; path= +/\r\nDate: Mo". "n, 23 May 2011 17:40:06 GMT\r\nContent-Type: text/html; chars +et=ISO-8859-1". "\r\n\r\n"; $ perl -MCGI::Session -MDDS -le " Dump( CGI->redirect )" $VAR1 = "Status: 302 Found\r\nLocation: http://localhost\r\n\r\n";
    See CGI::Session::Tutorial, Ovid's CGI Course

    Here is monkey patch

    use CGI::Session; sub CGI::Session::redirect { my $self = shift; return $self->query->redirect(-cookie => $self->cookie, @_ ); } use DDS; Dump( CGI::Session->new->redirect ); __END__ $VAR1 = "Status: 302 Found\r\nSet-Cookie: CGISESSID=a19147247f0207a6c3 +14b5aadc7c232". "a; path=/\r\nDate: Mon, 23 May 2011 17:46:15 GMT\r\nLocation: + http://localho". "st\r\n\r\n";

      Hello,

      Thanks for responding.

      Firstly note that I broke the code down, excluding un-related parts. I am actually sending the headers only once. Once I have printed the redirect header, I exit the script (exit(1)). Its doing everything fine, its just not registering that i'm logged in, if I visit the page in a particular way (i.e. from the homepage after logging in, or from a redirect index page).

      I have used CGI:Session on many occassions, but never for such a task. I have read the tutorial, as well as the main documentation a few times. From what I gathered, you don't need to pass an SID, unless the user has i.e. cookies disabled. The module should handle everything automatically.

      Quote from the tutorial based on this line of code "$session = CGI::Session->new () or die CGI::Session->errstr;":

      "We didn't check for any session cookies above, did we? No, we didn't, but CGI::Session did. It looked for a cookie called CGISESSID, and if it found it tried to load existing session from server side storage (file in our case). If cookie didn't exist it looked for a QUERY_STRING parameter called CGISESSID. If all the attempts to recover session ID failed, it created a new session."

      I have tried CGI's redirect() method, and also used a basic HTML meta refresh, which results in the same issue.

      I'm not used the the style of code you have provided, i'll have to examine it more closely to see if theres anything you've shown that could fix my issue.

      Chris

        Thanks for responding. Firstly note that I broke the code down, excluding un-related parts. I am actually sending the headers only once. Once I have printed the redirect header, I exit the script (exit(1)). Its doing everything fine, its just not registering that i'm logged in, if I visit the page in a particular way (i.e. from the homepage after logging in, or from a redirect index page).

        If its doing everything fine, then why is there a problem?

        redirect does not print a session cookie

        No session cookie, means no session.

        Your code fragment is too dense, but I was able to spot the problem (redirect without cookies)

        If you follow the guidelines of How do I post a question effectively?, and post a small/short, self-contained program, which demonstrates the bug/problem, undesirable output/behaviour, we can better help you, and you can believe us when we do :)

        I have used CGI:Session on many occassions, but never for such a task. I have read the tutorial, as well as the main documentation a few times. From what I gathered, you don't need to pass an SID, unless the user has i.e. cookies disabled. The module should handle everything automatically.

        How do you think the module handles everything automatically?

        The sid has to get passed somehow.

        If you use header method, it goes by way of cookie. CGI::redirect() doesn't know about CGI::Session, so no cookie.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://906243]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (9)
As of 2014-12-28 16:50 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (182 votes), past polls