Session variables in Perl?

[RottPaws]

I'm pretty new to Perl/CGI. Is there a CGI equivalent to ASP Session variables? I've searched around on here and not found anything.

I want to make users login to my sight and I can make do this through LDAP.

Once I authenticate the user, how can I store the user information for reference from other pages?



_________
Rott Paws

...It's not a bug. It's an undocumented feature!!!

 

[usige]

Not directly. You have a few choices here. You could use Apache::Session if your server is setup with mod_perl or you can give CGI::Session a try. For a cookbook aproach on CGI::Session take a look here:

http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/CookBook.pm

Hope that helps.

 

[RottPaws]

Thanks. I'll have to check about the mod_perl. I know Perl is installed, but don't know what mod_perl is?

I'd prefer to not use cookies unless I have to. Then again, after first glance at Apache::Session, the cookies might be easier to deal with than setting up object store . . .



_________
Rott Paws

...It's not a bug. It's an undocumented feature!!!

 

[siberian]

No matter what you should have an object store. Storing actual session data in a cookie is not a good thing from a security perspective.

Using CGI::Session or Apache::Session you do not HAVE to use a cookie. You can just as easily parse the URI's to all have a session token in them. It does mean that you have to rewrite every link on every page to include that token but its not so bad.

What it comes down to is, for session management, you must always have a token, whether its a cookie or a URI parsing routine.

 

[RottPaws]

I've searched around for a few days now and found countless mention of session tokens. But what I have not found is something straight-forward that tells what they are and how to use them.

Do you have any tutorial/how-to pages somewhere so I can learn about them and check it out as an option?

I can't believe there isn't an easy way to handle this in CGI/Perl.

With ASP, it's as easy as saving a value to a variable once the username/password has been verified. Then the user can move from page to page easily. Each page checks to see that the variable is set before opening and if not, it redirects to a login page.

_________
Rott Paws

...It's not a bug. It's an undocumented feature!!!

 

[siberian]

Yes its that easy with perl as well if you read the tutorial page.

http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/Tutorial.pm

or maybe the cookbook is more to your liking, defined solutions to defined problems

http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/CookBook.pm

And BTW - Your ASP session is using cookies as the 'Token' to the data that is kept in shared memory on the ASP server. Its doing exactly what CGI::Session does, its just hiding it from you.

Finally, ASP is an application server, Perl is a programming language. The is app server functiionality that you can add to perl using things like CGI::Session etc but Perl itself is not a web-specific language.

 

[RottPaws]

I read through cookbook, but it was over my head. I guess that's what I get for jumping into the deep end..... I Somehow missed the tutorial. I'll check that out.

In the meantime, over the weekend, I went to this place in town called the libraryI and got some books on CGI and Perl. I'll figure it out. It just looks like it's not going to be as easy as what I'm used to in ASP.

Thanks for helping to point me in the right direction.

_________
Rott Paws

...It's not a bug. It's an undocumented feature!!!

 

[siberian]

I recommend using O'Reilly Safari (

http://safari.oreilly.com/

)

For $9.95 a month you can have I think 5 titles available online as reference. Its a great deal and you could have instant access to all of their perl and cgi books.

Once you understand what perl is doing you will either

A) Run in fear and loathing
B) Wonder how you ever lived without it.

Rarely do people fall in the middle

As an alternative you can install Apache::ASP and get some of the same functionality in a UNIX/Apache environment.