in reply to Concern with CGI::Session

Sessions and user authentication are two totally separate things. One does not require the other. Sessions are useful for sites that require user authentication because it enables the authenticated user data to persist across pages, but they are not required to implement authentication.

I have no idea how the logic of your site is implemented, but the following logic flow might help:

1) have a link on your main page to a login screen
2) on the login screen, have the user enter his/her user information.
3) use a back-end cgi script to authenticate the user ( probably against a database? )
4) once that cgi script has authenticated the user, then create your session
5) use the existence of the session and its data to allow the user into the members area

not knowing what you really want, I hope this helps

Replies are listed 'Best First'.
Re^2: Concern with CGI::Session
by Anonymous Monk on Jun 14, 2005 at 07:05 UTC

    Thanks for the reply :) -- The logic you described was basically right on the dot with how I am implementing this.

    I have the the back-end cgi script to authenticate the user using data in a mysql db. Then once its successful, then it creates a new session with CGI::Session.

    What I'm confused about is how to initialize the existence of a session from a user that is trying to view a members area section.

    I'm following the coding from the CGI::Session::turtorial doc and its defeating the whole purpose of authentication.
      I find it's easier if you just pretend that the session is always there (just create a session when one is requested), and then when the user logs in put some token in the session indicating what user it is (like the user id or login name).

      in the pages that require a valid user you only need to check whether the session contains a valid user id or redirect back to the login page (or give an error)

      This also means that you can use the session for other user state, even when they're not logged in.

        I'm not sure if I presented my problem correctly.

        About the example from the CGI::Session::Tutorial doc. I listed above, it only checks to see if a Cookie name exists or not.

        That being said, anyone who can create a cookie with the same name can be verified and will be able to view a members area site.

        How can you use CGI::Session to actually check the session id from the cookie to match the one from the database? There is no where in the tutorial or in the cookbook that shows an example how. Ahhhhh I wish I was smart and could figure this stuff out easy.

        i too am facing the same problem . i am able to set the cookie with session id in it and i am trying to fetch the cookie using

        %cookie = fetch CGI::Cookie;
        but there is not output , i tried a no of way without any success
        myu purpose is solved if i can successfully fetch the cookie
        after which i can take session id and do something with it