Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Perl (http://www.go4expert.com/forums/perl/)
-   -   Creating and validating Sessions in Perl CGI (http://www.go4expert.com/forums/creating-validating-sessions-perl-cgi-t1077/)

Rakish 27Jul2006 21:14

Creating and validating Sessions in Perl CGI
 
Hi everyone, how are yall doing?

I am developing a system where upon login (valid username and password) a session is started.


$session = new CGI::Session("driver:File", undef, {Directory=>"/tmp"});
$cookie = $cgi->cookie(CGISESSID => $session->id);
print $cgi->header( -cookie=>$cookie );



I want to check at top of every page if the session is still valid or the user has logged out. If the user has logged out they should be redirected to the login.pl page.

$sid = $cgi->cookie("CGISESSID") || undef;
$session = new CGI::Session(undef, $sid, {Directory=>'/tmp'});



My concern is if someone has logged out, or the CGISESSID cookie is not set at all and if some one creates a cookie with name CGISESSID (using tools like firefox webdeveloper too) they could not be granted access.

I have been trying to fix this for 2-3 days but its just not happening

I would really apprecite if you could provide me with the script for creating session after successful login and validating this session at everypage.

Thankyou all for your prompt help and concern.

-Rakesh Gupta

pradeep 28Jul2006 17:58

Re: Creating and validating Sessions in Perl CGI
 
Hi Rakesh,
Well, to block users from other IPs using a fake cookie we need to use use CGI::Session ( '-ip_match' );
Well, I've created a login page an index page, with login/logout capabilities, trying viewing the index page without logging in.

login.pl
Code: Perl

#!/usr/bin/perl
 
  # login.pl
  use CGI;
  use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
  use CGI::Session ( '-ip_match' );
 
  $q = new CGI;
 
  $usr = $q->param('usr');
  $pwd = $q->param('pwd');
 
  if($usr ne '')
  {
      # process the form
      if($usr eq "demo" and $pwd eq "demo")
      {
          $session = new CGI::Session();
          print $session->header(-location=>'index.pl');
      }
      else
      {
          print $q->header(-type=>"text/html",-location=>"login.pl");
      }
  }
  elsif($q->param('action') eq 'logout')
  {
      $session = CGI::Session->load() or die CGI::Session->errstr;
      $session->delete();
      print $session->header(-location=>'login.pl');
  }
  else
  {
      print $q->header;
      print <
          <form method="post">
          Username: <input type="text" name="usr">
 
          Password: <input type="password" name="pwd">
 
 
          <input type="submit">
          </form>
  HTML
  }


index.pl
Code: Perl

#!/usr/bin/perl
 
  # index.pl
  use CGI;
  use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
  use CGI::Session ( '-ip_match' );
 
  $session = CGI::Session->load();
  $q = new CGI;
 
  if($session->is_expired)
  {
      print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
      print "Your has session expired. Please login again.";
 print "<br/><a href='login.pl>Login</a>";
  }
  elsif($session->is_empty)
  {
      print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
      print "You have not logged in";
  }
  else
  {
      print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
      print "<h2>Welcome";
      print "<a href='login.pl?action=logout'>Logout";
  }


I hope this solves your problem.

Rakish 1Aug2006 20:56

Re: Creating and validating Sessions in Perl CGI
 
Thank you pradeep,

The sessions are finally working for me..

-Rakesh

pradeep 14Jun2007 17:01

Re: Creating and validating Sessions in Perl CGI
 
Try upgrading CGI::Session to the latest version!

sundeep.kumar 17Dec2009 13:46

Re: Creating and validating Sessions in Perl CGI
 
hi pradeep i am not able to get this working could you please give some explanation about the variables and i am also concerned about checking the inputs agains a MYSQL database ..

sundeep.kumar 18Dec2009 13:07

Re: Creating and validating Sessions in Perl CGI
 
hi pradeep it would be very heklpful if you could explain about this block of code

if($usr ne '')
{
# process the form
if($usr eq "demo" and $pwd eq "demo")
{
$session = new CGI::Session();
print $session->header(-location=>'index.pl');
}
from login.pl ... please help me out ASAP ....

venami 18Dec2009 16:35

Re: Creating and validating Sessions in Perl CGI
 
Quote:

Originally Posted by sundeep.kumar (Post 61852)
if($usr ne '') //part 1
{
# process the form
if($usr eq "demo" and $pwd eq "demo") //part 2
{
$session = new CGI::Session(); //part 3
print $session->header(-location=>'index.pl'); //part 3
}
from login.pl ... please help me out ASAP ....

Here the value of $usr is populated from the text box(see the entire code of login.pl). So when the user submits to login without entering the username, the condition (part 1) will be FALSE and so again the login page appears.

Suppose if some username has been typed, then it will be checked for authentication. In this code, the value "demo"(see part 2) is used for an example. In your case, you have to use the value that you get from the MySQL database.

If the authentication is successful, then a session is created for that user and the page is redirected to the main index page using part 3.

sundeep.kumar 19Dec2009 13:35

Re: Creating and validating Sessions in Perl CGI
 
Thank you venami .. i am able to run the code the code it's working now ... thanks once again for helping me out

sundeep.kumar 9Jan2010 01:25

Re: Creating and validating Sessions in Perl CGI
 
friends sorry to bother again i would like to know how one can create a web page where a user log's in and thereafter unless and untill users logs out or session gets expired there should be no login page ... just like in gmail or yahoo .. i would like to know regarding this ..

venami 9Jan2010 08:53

Re: Creating and validating Sessions in Perl CGI
 
Code:

if(cond) //Check whether user logged in, using the session variables.
{
  Display the home page without the "log in" link.
}
else //means user has not logged in.
{
  Display the log in page.
}

Have this check in the "log in" page also and display the contents accordingly.

Please see the previous posts in this thread. Pradeep has given you the code itself. :)


All times are GMT +5.5. The time now is 18:49.