[cgiapp] Sessions with CGI::Application

Stephen Carville stephen.carville at gmail.com
Thu Jul 1 11:34:36 EDT 2010 

I am trying to use CGI::Application::Plugin::Session to create a
session cookie but every time I access the program, I get a new
session.  A cookie is set but it doesn't seem to correspond to any in
the SESSION_DIR.  I've included what I hope is enough if the code for
some one to figure out what I'm doing wrong.

sub cgiapp_init {
  my $self = shift;

  # set the config for the session cookies
  $self->session_config (
    CGI_SESSION_OPTIONS =>
      [ "driver:File",$self->query,{Directory=>$CFG{SESSION_DIR}} ],
    COOKIE_PARAMS =>
      { -path=>$CFG{COOKIE_PATH},
        -expires=>$CFG{SESSION_LENGTH},
        -secure=>1 },
    SEND_COOKIE => 1 );
}

sub setup {
  my $self = shift;

  $self->mode_param('rm');
  $self->tmpl_path($CFG{TEMPLATE_DIR});

  # set allowable run modes
  $self->run_modes(
    'login' => 'login_page',
    'ssl_req' => 'ssl_required',
    'authcheck' => 'login_check',
    'schedule' => 'schedule',
    'services' => 'services',
    'envvar' => 'show_env',
    'splash' => 'splash_page',
    'AUTOLOAD' => 'auto_error_page');

  # set the default start mode
  if ($ENV{SSL_SESSION_ID}) {
    $self->start_mode('schedule');
  } else {
    $self->start_mode('ssl_req');
  }
}

sub teardown {
  my $self = shift;

  # flush session
  $self->session->flush();
}

sub schedule {
  my $self = shift;

  unless(check_session($self)) {
    my $url = "https://" . $CFG{SELF_URL} . "/?rm=login";
    return $self->redirect($url);
  }

  # etc...
}

sub login {
  my $self = shift;

#  get login information...

}

sub login_check {
  my $self = shift;

  # check the request was really a POST
   unless ($ENV{REQUEST_METHOD} eq "POST") {
     return ww_gonzo_error_page($self,
      "Unsafe data transfer attempted");
   }

  # Check authentication and authorization...

  # set inactivity time
  $self->session->param('countdown',1);
  $self->session->expire('countdown',$CFG{INACTIVITY_TIMER});
  # set maximum login time
  $self->session->param('max-session',1);
  $self->session->expire('max-session',$CFG{SESSION_LENGTH});

  # redirect to home page
  $url .= "https://" . $CFG{SELF_URL} . "/?rm=schedule";

  return $self->redirect($url);
}

sub check_session {
  my $self = shift;
  log_page($self);

  return 0 unless($self->session->param('countdown'));

  return 0 unless($self->session->param('max-session'));

  # reset inactivity timer
  $self->session->expire('countdown',$CFG{INACTIVITY_TIMER});

  return 1;
}

-- 
Stephen Carville

More information about the cgiapp mailing list