Fellow Monasterians,

I have a CMS that users must log into. Besides the login, there are several modules, used for various tasks, that check for the existence of the login when they are invoked.

Some users are reporting being forced to log in twice, once at the first login screen, and a second time after a requested module is invoked.

After hours of testing I finally realized that if a user does not use www. in the URI, the browser was ignoring the 1st cookie set at login, and necessitating a 2nd cookie to proceed.

So, the user enters: domainname.com/admin, but after failing, the browser fills in the address with the full URI as http://www.domainname.com and all is fine. The cookies are showing:

The code to create the cookie was:

use CGI::Session;
my $session = new CGI::Session();

my $cookie = $query->cookie(  
                            CGISESSID => $session->id,
                           );
print $query->header(-cookie => $cookie);
[download]

So I thought I'd add the domain to the cookie params:

(my $http_host  = $ENV{'HTTP_HOST'}) =~ s/(www.)?([\w\-.]+)/$2/;

my $cookie = $query->cookie(  
                            CGISESSID => $session->id,
                            -domain  =>  ".".$http_host,
                           );
print $query->header(-cookie => $cookie);
[download]

Still no dice. The docs for CGI::Cookie say that the dot form of the domain param, e.g., -domain => .domainname should work for any form of the domain name.

QUESTION: how do I set a proper cookie, irregardless of what the user enters as a starting URI?

Resolved: I set the <base href /> tag in the login tmpl file via $template->param(basehref => $http_post);. The cookie wrote correctly and all is well.