Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Tracking users with cookies

by Fingo (Monk)
on May 19, 2002 at 12:21 UTC ( #167644=perlquestion: print w/replies, xml ) Need Help??

Fingo has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to track users with cookies, but I can't quite get it toi work. Whenever a database record for a session gets deleted after a certain amount of time, the cookie is still there and it tries to fetch a noexistant record.
use Apache; use Apache::Session::MySQL; my $r = Apache->request(); my $cookie = $r->header_in('Cookie'); $cookie =~ s/SESSION_ID=(\w*)/$1/; tie %session, 'Apache::Session::MySQL', $cookie,{ DataSource => 'dbi:mysql:weblog', UserName => $db_user, Password => $db_pass, LockDataSource => 'dbi:mysql:weblog', LockUserName => $db_user, LockPassword => $db_pass, }; my $session_cookie = "SESSION_ID=$session{_session_id};"; $r->header_out("Set-Cookie" => $session_cookie);

Replies are listed 'Best First'.
Re: Tracking users with cookies
by rob_au (Abbot) on May 19, 2002 at 13:18 UTC
    The most likely reason for this is because the expiry time set on the cookie sent to the client exceeds that set for the session in the database. This is not a major problem per se but rather a segment of your user interface and session control which needs to be approached more defensively - That is, your coding approach to this element of your user interface should anticipate the scenario where a session ID provided by a client may be no longer valid.

    For example, consider the following mock-up code based on the snippet provided and some of my code that uses Apache::Session:

    my %session; eval { tie %session, 'Apache::Session::MySQL', $cookie, { ... } } if ($@) { # error occurred in session information retrieval ? } if (exists $session{$cookie}) { # ... user session is still valid ... } else { # ... user session no longer valid ... }

    It may be worthwhile having a look at Essential CGI Security Practices and Securing CGI scripts - In short, code defensively and never trust anything sent from the browser.


Re: Tracking users with cookies
by giulienk (Curate) on May 19, 2002 at 13:10 UTC
    Why the record in the DB is deleted? You should delete just records relative to cookies you know are expired.
    A simple way to know is adding a timestamp column to the session table and then erase just sessions expired as they are older than the expire time you should set in the cookie (and you don't right now). The best way to handle this is with a job scheduled to run when you got low traffic on your website.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://167644]
Approved by Dog and Pony
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2020-10-24 03:04 GMT
Find Nodes?
    Voting Booth?
    My favourite web site is:

    Results (242 votes). Check out past polls.