Sessions Not Working

[iaresean]

Hey all;

I have been using sessions for some time now, but for some reason they are not working all of a sudden. Below is a copy of my code, please help me try and find out why?

Here is the script that starts the session:

#!/usr/bin/suidperl -U
use CGI;
use CGI::Session;
my $cgi = new CGI;
$username = $cgi->param('username');
$password = $cgi->param('password');
my $session = new CGI::Session(undef, undef, {Directory=>'/tmp'});
$session->expire('+30m');
$cookie = $cgi->cookie(CGISESSID => $session->id);
print $cgi->header( -cookie=>$cookie );
if((!$username) || (!$password)){
        printForm();
}
else{
        $session->param('username', "$username");
        ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = getpwnam("$username");
        $< = $uid;
        $realpass = (getpwuid($<))[1];
        die "Unsuccessful!" unless(crypt($password,$realpass) eq $realpass);
        print <<EOHTML;
Content-type: text/html\n\n
                <HTML>
                <script language="JavaScript">
                        <!--
                        function redirectPage() {
                                window.top.location='test.cgi';
                        }
                        -->
                </script>
                <BODY onLoad="redirectPage();">
                <CENTER><H2>Please Wait While Loading...</H2></CENTER>
                </BODY>
                </HTML>
EOHTML
}
sub printForm(){
        print <<EOHTML;
        <table cellspacing="2">
                <tr><td colspan="2">Please Enter Your Cadmin Username and Password</td></tr>
        <form name="login_form" method="post" action="login.cgi">
                <tr><td>
                Username
                </td><td>
                <input type="text" name="username">
                </td></tr>
                <tr><td>
                Password
                </td><td>
                <input type="password" name="password">
                </td><tr>
                <tr><td colspan="2"><input type="submit" name="submit" value="Login"></td></tr>
        </form>
        </table>
EOHTML
}

Here is the script that "continues" the session:

#!/usr/bin/perl
use CGI;
use CGI::Session;
$cgi = new CGI;
$sid = $cgi->cookie("CGISESSID");
$session = new CGI::Session(undef, $sid, {Directory=>'/tmp'});
my $username = $session->param('username');
print "Content-type: text/html\n\n";
if (!$username){
     print <<EOHTML;
     <HTML>
     <BODY>
     sid = $sid <BR>
     Username = $username <BR>
     cgi = $cgi <BR>
     <CENTER><H2>Please Wait While Loading...</H2></CENTER>
     </BODY>
     </HTML>
EOHTML
}

If I print out $sid, it is blank, which means I can't get any session variables, so for some reason this means the cookie isn't being retreived properly.

Any and all help is GREATLY appreciated.

Sean.

 

[PaulTEG]

first block

$cookie = $cgi->cookie(CGISESSID => $session->id);

second block

$sid = $cgi->cookie("CGISESSID");

Should you be passing the session id to retrieve?
HTH
--Paul

 

[iaresean]

second block

$sid = $cgi->cookie("CGISESSID");

Should you be passing the session id to retrieve?

This is block is meant for retreiving the session id via the cookie called CGISESSID, isn't it?

Thanks for any and all help!

Sean.

 

[iaresean]

Could someone please copy and paste this code on their box, test it, and get back to me with results.

I would GREATLY appreciate it. Thanks.

Sean.

 

[iaresean]

Just a quick update--->

I tried passing the session id via the url (i.e index.html?sid=4jfdske2kj4342dnk4kkfd4jn) and by doing that I could successfully continue the session.

So my problem obviously lies with the fetching of the cookie somewhere.

Thanks for any and all help.

Sean.

 

[philote]

Don't know if it'll help, but try this.
Take out this line:

$sid = $cgi->cookie("CGISESSID");

And change $sid to $cgi in the next line to read:

$session = new CGI::Session(undef, $cgi, {Directory=>'/tmp'});

 

[iaresean]

philote,

Thanks for the recommendation; I tried it but unfortunately it did not work. If I use this method to get/continue the session, don't I also have to initialize the session a different way?

Thank you for all your effort;

Sean.

 

[philote]

Have you verified that the cookie is being set?

 

[iaresean]

Yeah, the cookie gets set. Its very wierd, because, it works perfect on my box, but as soon as I copy it over to the web server, nada. The only major difference I can see between the web server and my box is that they are running apache 1.3.26 and I am running apache 2.

I have just about giving up on passing the cgi session id via cookies, and have implimented hidden fields in order to pass it around. It seems to be working okay, but I would obviously prefer to use cookies.

Sean.