skelooth has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I am new to this website. I am working on a fairly large data warehouse and I'm using CGI::Session for session management. What I have works great. It works on every single browser and operating system I've tried it on (Firefox,konquerer,IE 6/7,win,*nix). The problem is that there is one computer on the local network that absolutely refuses to maintain a session. The problem is as follows:

Upon successful login the session is created. I know the login is successful because I log all login information.

The user sees the homepage as they should.

The user tries to visit any other webpage and -blink- session is gone and they are taken directly back to my login page.

I installed firefox on the computer and it works fine, I also tried using an identical computer in the same office and their IE worked fine.

I've set all IE security settings to low, I added the site to the trusted sites list, and I tried adding an entry in the hosts file so that it'd have a qualified domain extension. None of these attempts have been successful.

I have seen similiar problems across google searches but they all got resolved using the hosts file. This did not work for me, nor have I needed to do this on any other computer. It is only this ONE specific computer. ~50 users have been able to login and use the program without hitch using the same browser and OS.

I am curious if anyone has seen anything similiar or knows why this may be happening. Unfortunately the project manager insists that all of the employees use IE, so I need to make this work. I've had coworkers look at the problem and we can't figure this out.

I can post code snippets if you like, but it's very simplistic. If the name and password match dispatch a session. When you visit a page if there is no session go to the login screen.

on login:
$s= CGI::Session->new(); $s->expire("+30m"); $s->param('permissions', $res{'permissions'}); $s->param('name', $res{'fname'}); $s->param('email', $res{'email'}); $s->param('id', $res{'id'}); $s->flush();
on page visit:
sub check_session { my ($obj,$s,$q)= @_; if ( !defined $s || $s->is_empty() || $s->is_expired() || defined +$s->param("nogood") || !defined $s->param('id')) { return 0; } $s->expire("+30m"); return 1; # it's active return 0; # it's dead }

Any insight would be greatly appreciated and much thanks in advance.

Replies are listed 'Best First'.
Re: CGI::Session not 'sticking' on one computer
by jettero (Monsignor) on Jul 25, 2007 at 20:22 UTC
    Feels more like a cookie problem then a perl problem... hard to say of course.

    Uninstall norton security center and try it again? That or set IE to the default security settings and default privacy settings...


      I agree this must be a cookie problem. I have in fact restored IE to it's factory settings, and have also tried disabling all antivirus programs and rebooting. Cookies seem to get set and work fine on other sites including things like squirrelmail and vbulletin. I'm trying to find the 'magic bullet' as to why the CGI::Session cookie is not lasting. It's like it disappears.
Re: CGI::Session not 'sticking' on one computer
by traveler (Parson) on Jul 25, 2007 at 21:34 UTC
    Some possibilities:

    Are you using a "third-party cookie"? If so, is someone on that site visiting some other page that uses the same third-party?

    Any chance the problematic machine has run out of cookie space? IIRC, the default is only 2M.

    Are you dropping other cookies? I understand that IE6 has a limit on the total bytes of cookies from a site.

    What version of IE is the problematic PC running? I know some old IEs (IE4) had issues with some cookies, including ones with null names.

    HTH, --traveler

      I'm not quite sure what you mean by third party cookie. The cookie should only be active within the domain I set it in, or at least I assume it would be that way. Maybe you can expand on what you mean. Cookie space should not be the issue as the cookie is only storing ~50 characters or less and cookies on other sites seem to work fine. The machine also does not seem to be dropping any other cookies. The problematic computer is a windows XP home edition with IE7. Originally it was IE6, so one of my first attempts to fix this was to update it to 7. I don't think I've ever quite seen a problem like this before, because it's so peculiar. Personally I'd like to just reformat the whole machine and make it all open source software based but the help desk folk don't like that idea much :)

      Is there a way to preserve linebreaks in nodes without typing <br>?
        Is there a way to preserve linebreaks in nodes without typing <br>?
        To what purpose?

        You've used <code> properly in your OP and I don't see anything in this thread that can't be attributed to individual style where <br> would be needed unless it's the parent of this post, where (personal style, again), I might have broken up your monolithic text into paragraphs, using <p>... </p> pairs.

        For more general advice on formatting your nodes, check Writeup Formatting Tips and because it's comprehensive, follow, near the bottom, the link to Perl Monks Approved HTML tags.

        And lest we forget, your browser's "View Source" may add some answers, if you see some kind of fancy formatting not readily attributable to breaks, paragraphs, or (not previously mentioned) lists whether ordered or unordered.

        Just BTW, there are no <br>s in the source of this entry.
        A third-party cookie is one sent by a website other than one the user is viewing. That is, if the user is viewing, a cookie from would be a third-party cookie.
Re: CGI::Session not 'sticking' on one computer
by bmann (Priest) on Jul 25, 2007 at 21:01 UTC
    Did you check the time (& time zone settings) on that computer?
      Yes, and the date, time, and timezone were all correct. I was thinking that as well, as if the cookie were expiring instantly.
Re: CGI::Session not 'sticking' on one computer
by Errto (Vicar) on Jul 26, 2007 at 04:16 UTC
    Give it the full battery:
    • clear all local/temporary files and all cookies
    • disable proxies
    • double-check the hosts file just to make sure
    • uninstall or at least disable third-party browser plugins
    • create a new user account on the machine, log in and test the browser there
    • failing that, run a spyware scanner
    • failing that, install ethereal and snoop the HTTP traffic to make sure the request headers look right on that second page view
    • if all else fails, reinstall Windows
      Thanks everyone, that is what I'm going to do.