philosophia has asked for the wisdom of the Perl Monks concerning the following question:

This code from a login form seems to work only about 60 percent of the time. I am not sure if there is something about this code that is causing it to fail part of the time. The code runs an ldap query, and if an entry exists, connects to a spam filtering appliance, creates a session id on the spam filtering appliance, then redirects to a web interface for the spam filtering appliance using the session id.

#bind again as agent so you can see mailListOwner, which is not visibl +e to regular user accounts $message = $ldap->bind( $BINDDN, password => $LDAPPASS ); $res = $ldap->search( base => "ou=mail aliases,dc=domain,dc=com", filter => "(&(mail=${listname})(mailListOwner=${username}))", attrs => [ 'mail', $::qtnhostattr, 'mailHost' ], ); $res->code() && die $res->error(); $entry = $res->entry(0); #redirect to jmm, if not owner of mail list, or no mail list, prin +t error if ($entry) { $qtnhost = $entry->get_value($::qtnhostattr); $mail = $entry->get_value('mail'); if ( !$qtnhost || $qtnhost =~ / ) { print_form("Your account is not eligible for a quarantine. +"); exit(0); } my $mp = MPadmind->new(); $mp->connect( $qtnhost, 10243 ) or die("Error connecting to $qtnhost: $!"); my $mpusername = $mail; #$mpusername = $username if ( !$mpusername ); $mp->login( $mpusername, 'password' ) or die("Error logging in to $qtnhost: $!"); # this is apparently undocumented my $response = $mp->request( '_CGI', 'GET', 'SESSIONID' ); if ( !MPadmind::is_response_ok($response) ) { die("Error obtaining session ID: $response"); } my ($sessid) = MPadmind::tokenize($response); print CGI::redirect( "https://${qtnhost}/wm/spam/login.html?op=entry&sessionid= +${sessid}" ); } else { print_form("Invalid list name."); } }

about 60 percent of the time the login form works, and the user is redirected properly. The other 40 percent of the time the login form throws an error at this point in the code
if ( !MPadmind::is_response_ok($response) ) { die("Error obtaining session ID: $response"); }

In order to debug why sometimes the login fails, I put
print $qtnhost; print $mpusername; `

before the redirect happens. When the login in successful, there are values for $qtnhost and $mpusername. When the login fails, there are no values for $qtnhost and $mpusername, so that may be why login to the spam filtering appliance fails. I'm not sure why these values are missing some of the time, and I'm kind of stuck as to what I should do to debug this application further. I am deleting cookies and cache from my browser every time I test the form, btw. Any advice welcome.