in reply to Concern with CGI::Session

If you want to authenticate users and you want to use CGI::Session, can I suggest you have a look at CGI::Session::Auth. It will do all the work for you, and it will give you an idea of how authentication with a session works.

The basic idea is that every user gets a session regardless of whether they are logged in or not. Once a user successfully logs in, a parameter is set in the session that states that this user has already logged in. So the next time that user comes back, you check in their session to see if they have logged in. If this special variable is not set, then you know they haven't logged in and you redirect them to a login form.

Replies are listed 'Best First'.
Re^2: Concern with CGI::Session
by rjsaulakh (Beadle) on Jun 14, 2005 at 12:43 UTC
    i have some queries
    i have set session id and domain name in the cookies which are sent to the user browser
    $cookie =$cgi->cookie( -CGISESSID => $session->id, -expires => '+1h', -domain => 'B2R6A056a' }; print $cgi->header(-cookie=>$cookie);
    now when the user clicks a tab and goes to another page i want to fetch the cookie from the usersession and then intially trying to print all the values got from the cookie
    my %cookie = fetch CGI::Cookie; foreach $keys ( sort keys %cookie) { print "$keys : $cookies{$_}"; }
    but i am not able to fetch the cookie
    is there some problem in the line of my thinking
    or is there something more i have to take care of
    please advice

      The -domain part of a cookie should be the domain name of the server(s) that you want to receive the cookie (1). 'B2R6A056a' does not look like a valid domain name to me, and that is probably causing your problem.

      My suggestion would be to simplify things by removing the -expires and -domain part of the cookie, and seeing if that works. If it does work, then add one of the options back in ans see if things still work. Simplifying things and taking it one step at a time is a very successful debugging tool that is useful when you are not sure what is causing your problems.

      If that doesn't work, then you need to start looking carefully at the actual headers being sent along with the request (that includes client headers and server headers). Mozilla can be helpful with this, since it has plugins to debug client and server HTTP headers. Look for the Set-Cookie: header in the server headers, and Cookie: header in the client headers.