This warn("GetUserSessionCookie SID: $sid"); posts to error log: GetUserSessionCookie sessionname: ''

I copied the code at the wrong time. I have commented that in and out. Also where I set $sid to 0 was for testing also. I did set the $sid = '12ba7ce0cfeeae8e8a934af6724910e9'; which I copied from the cookie I am interested in and it proceeded to assume I was logged. The calling code just check ne 0 so anything ne 0 would have the same effect

sub ProcessLoginRequest
{
  my ($query) = @_;
  my $status = 0;
#  $sessionname = 'CGISESSID';
#  my %cookies = CGI::Cookie->fetch;
#  my $sid = $cookies{$sessionname}->value; 
  my $sid = GetUserSessionCookie();
  warn("ProcessLoginRequest Query: '$query'");
  warn("ProcessLoginRequest SID from cookie: '$sid'");

  #Check if it got valid return from fetch cookie
  if ($sid ne 0){
    $status = 1;
[download]

But later I compare against the stored session ID.

#---------------------------------------------------------------------
+----------
# FUNCTION: OpenSession($dbh, $sid)
# Opens existing session or creates new depending on $sid
#---------------------------------------------------------------------
+----------
sub OpenSession{
  my ($dbh, $sid)= @_;
  $session  = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh, Lo
+ckHandle=>$dbh});
  return $session;
}
[download]

Thanks

OK. Then here's what you can do:
1) Fix your original post's formatting (ie: add <p> tags). See Markup in the Monastery
2) Add use Data::Dumper; at the top of your file, and turn warn %cookies; into warn Dumper \%cookies;, you'll get a clearer view of what fetch() returns.

I don't see any obvious errors with your attempt to interrogate the cookies. (Update: But Eily did)

"First ask yourself `How would I do this without a computer?' Then have the computer do it the same way" Well that is indeed a strange response. I guess I would get on my horse and rise into town to figure out which way is up. Seiously, I do not understand your response at all.

That's not a response, it's a signature.

($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord
}map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,
[download]

Ok, do you remember the code i said you should try in Re^3: Sessions Questions? Still works just fine, i refreshed it It may have confused you because rather than the name of CGISESSID that CGI::Session uses my cookie was instead named TSSID. To get the current cookie i used my $tssid  = $q->cookie('TSSID');. while my %cookies = CGI::Cookie->fetch; $sid = $cookies{$sessionname}->value; is another valid way to do it, it will only work if $sessionname='CGISESSID';, you say that is true, but have you proved it?

Lets review the code you have exposed so far here.

sub GetUserSessionCookie
{
    warn("Entered GetUserSessionCookie");
    use CGI qw/:standard/;
    # fetch existing cookies
    my %cookies = CGI::Cookie->fetch;
    warn(%cookies);
    my $sid;
#    warn("GetUserSessionCookie sessionname: '$cookies{$sessionname}'"
+);
    if ($cookies{$sessionname}) {
       $sid = $cookies{$sessionname}->value;
          warn("GetUserSessionCookie SID: $sid");
       }
    else{
     $sid = 0;
    }
    return $sid;
}

sub ProcessLoginRequest
{
  my ($query) = @_;
  my $status = 0;
#  $sessionname = 'CGISESSID';
#  my %cookies = CGI::Cookie->fetch;
#  my $sid = $cookies{$sessionname}->value; 
  my $sid = GetUserSessionCookie();
  warn("ProcessLoginRequest Query: '$query'");
  warn("ProcessLoginRequest SID from cookie: '$sid'");

  #Check if it got valid return from fetch cookie
  if ($sid ne 0){
    $status = 1;
... end missing
[download]

if $sessionname='CGISESSID'; Why else might if ($cookies{$sessionname}) { fail? that would also happen if the user did not have the CGISESSID cookie set, because it expired or was deleted. In this case you set $sid=0; This is a bad thing to do for if that is the $sid you pass in $session  = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh, LockHandle=>$dbh});. CGI::Session will create a new session there if $sid is undef, but i bet (untested) that if $sid is 0 it considers it a valid sessionid and returns the results of that session(0) if it still exists (unexpired maybe because of a huge expire time of Now()+7*24*60*60 you once may have set), and returns the results of a new session if it doesnt. I dont think you have shown us where you send the cookie back to the browser, i do it by setting $cookie in one of three places, then using print $q->header(-cookie=>$cookie); Note that two of those places set $cookie = $q->cookie(TSSID => $session->id ); (Note that uses the default cookie -expires. http://perldoc.perl.org/CGI.html#HTTP-COOKIES says "If an expiration date isn't specified, the cookie will remain active until the user quits the browser." so everytime they quit the browser there will be no more cookie sent when they start it up again.) For your login scheme to work you have be be setting the cookie somewhere and sending to back to the browser, but if you dont use $cookie = $q->cookie(CGISESSID => $session->id ); you may be sending the wrong cookie value back. In fact if you use $cookie = $q->cookie(CGISESSID => $sid ); and $sid is 0 you are in trouble, in fact reusing that 0 session. This goes to show how valuable use warnings; can be, even if it seems to break EVERYTHING at first.

Hi

First let me get htis out of the way:

sub SetUserSessionCookie
{    
    my ($sname,$sid) = @_;
    #use CGI qw/:standard/;
    #use CGI::Cookie;
    my $sessioncookie = new CGI::Cookie(-name=>$sname,-value=>$sid,-ex
+pires=>$session_cookie_timeout,-path=>'/cgi-bin',-domain=>$domain,-se
+cure=>1);
    print header(-Cookie=>[$sessioncookie],-type=>"text/html");
}
[download]

The cookie is set anew each time I log in.

I will try to attach screen shot of firefox|options|cookies. Interestingly enough there is another unknown cookie that get posted to the page. Don't know where it comes from.Not in my code.

I will rake your advice and try to gin up something that will work. I have been fooling around with this all afternoon and it is very tiring. I usually (with advice) get issues resolved much faster.

Best regards

Interestingly enough there is another unknown cookie that get posted to the page. Don't know where it comes from.Not in my code.

Analytics software is often inserted at the server (e.g. Apache) level. My bet is that's the source.

---

#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.

When you call SetUserSessionCookie what do you pass as $sname and $sid, if $sid is zero or $sname is not CGISESSID that may be where your problem is.

Infact i forgot to suggest you check your mysql table for a sessionid of 0, and if you find it plain delete it. if you call $session  = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh, LockHandle=>$dbh}); when $sid is zero and there is no sessionid 0 you will get a new sessionid back

my $dbh = "";
my $session = '';
my $sessionname = 'CGISESSID';
[download]

is set at the beginning of the file and used all over including set and get cookies.

I finally found where the expiration had been set at 1d and changed it to 7.

The cookies are persistent. Checked before and after and against the sessions MySQL table.

Best regards

If OP is using CGI::Session then most of that stuff is extraneous

Hi

Well it appears I hve worked this out. I think the problem was th "mystery" cookie that had no name and blew the routine up. Still don't know where it comes from but appears each time I run.

sub GetUserSessionCookie
{
    warn("Entered GetUserSessionCookie Sessionname: '$sessionname'"); 
+   
    my $sid;
        my $sessionname = 'CGISESSID'; 
#    # fetch existing cookies
    my %cookies = CGI::Cookie->fetch;
#    warn Dumper \%cookies;
    while ( my ($sessName, $sessId) = each(%cookies) ) {
#       Dumper($sessId);
       if ($sessName eq $sessionname) {   
          $sid = $sessId;   
         }
      }
#     $sid = '12ba7ce0cfeeae8e8a934af6724910e9';
#      $sid = '1492';
#      $sid = 0;
    
    return $sid;
}
[download]

Whew. Thanks all.

Hi,

In the posted subroutine you have   use CGI qw/:standard/;

But it doesn't make use of :standard or "CGI" at all -- its extraneous

Forgot to tale it out. Not so easy. Now I can't log out. Ugh!! Cleared all the cookies and shut down. Still logged in Obviously the logged in flag is still st. Tomorrow another day.

Hi: Round and round. Just can't recover a $sid from a cookie.

Tried count on the cookies and it returned 0 Still struggling with this hole in my program. There are three cookies associated with my site.

Fri Mar 10 12:31:32 2017 manage_users.cgi: keycount: '0' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 681.

    my %cookies = CGI::Cookie->fetch;
    my $count = keys %cookies;
    warn("keycount: '$count'"); 
    
    while(my($key, $value) = each %cookies){
       Dumper \$key;
       Dumper \$value;
      if($key eq $sessionname){
         $sid = $value;
       }
     
     
     }
[download]