On 11/22/05, Scott Prelewicz <[EMAIL PROTECTED]> wrote:
>
> Im having a problem with sessions. I'm using the Plugin for
> CGI::Application with cgi::app. Ill paste the code below. The problem Im
> having is that on each request a new session is being created. These
> sessions have the same exact ID, but instead of loading the session from
> the database, its creating a new one with the same exact ID. So in my
> session table I have 20 rows with the same session_id. Why is it not
> opening the session already created with that ID? It appears that its
> getting the id from the cookie just fine, at least I think, since its
> the correct id being stored.
What you have in your code below looks like it should work fine. I
don't use MySQL that often anymore, but I have heard that if you use
InnoDB tables, then the tranaction isolation level can hide rows in
the database that other scripts have created (ie other apache
processes). My suggestion is to try and use the default sessions,
which uses a simple file based session. To do that, just comment out
the 'session_config' line, and CAP::Session will use file based
sessions by default.
Since you look like you are doing authentication in this sample code,
I thought I would do a little bit of promotion for my Authentication
plugin module. Here is what your code could look like if you decided
to use the Authentication plugin:
use base 'CGI::Application';
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::DBH (qw/dbh_config dbh/);
use CGI::Application::Plugin::Authentication;
__PACKAGE__->authen->config(
# use DBI driver and configure based on your SQL
# statement below
DRIVER => [ 'DBI',
TABLE => 'list_users',
CONSTRAINTS => {
'email' => '__CREDENTIAL_1__',
'md5:password' => '__CREDENTIAL_2__'
},
],
# your login page looks like it uses 'email' and 'password'
# as the form field names
CREDENTIALS => [qw(email password)],
# redirect to 'show_joined_lists' after a successful login
POST_LOGIN_RUNMODE => 'show_joined_lists',
# redirect to 'show_login' if not currently logged in
LOGIN_RUNMODE => 'show_login',
);
sub cgiapp_init {
my $self=shift;
my $query=$self->query();
$self->dbh_config("DBI:mysql:database:localhost",
"user","pass");
}
sub show_joined_lists :Authen {
....
}
Now you can get rid of all the other login based code that you have,
and things should work pretty much the same way. Just mark every
runmode that requires a valid login with the 'Authen' attribute and
that will automatically kick in the authentication checks when a user
tries to access that page,
If you are still having problems with your Sessions, let me know and
I'll try and help out some more.
Cheers,
Cees
> sub cgiapp_init {
> my $self=shift;
> my $query=$self->query();
> #SETUP DATABASE CONNECTION
> # ___PUT BELOW IN CONFIG FILE OUTSIDE ROOT, SEE mysql_config();
>
> $self->dbh_config("DBI:mysql:database:localhost",
> "user","pass");
>
> #SETUP SESSIONS
> $self->session_config (
> CGI_SESSION_OPTIONS=>['driver:mysql', $query,
> {Handle=>$self->dbh}],
> );
> }
>
> sub cgiapp_prerun {
> my $self=shift;
> my $session=$self->session;
>
> # REDIRECT TO LOGIN IF NOT LOGGED IN
> if (!$session->param('user_data')) {
> $loggedin_check=$self->_login();
> if (!$loggedin_check) {
> $self->prerun_mode('show_login');
> } else {
> $self->prerun_mode('show_joined_lists');
> }
> }
> }
>
> sub _login {
> my $self = shift;
> my $q=$self->query;
>
> my ($email)=$q->param(email);
> my $password=$q->param(password);
> my $dbh=$self->dbh;
> my $session = $self->session;
> if(defined $email and defined $password) {
> my $row=$dbh->selectrow_hashref("SELECT list_user_id,
> first_name,
> last_name,nickname
> FROM list_users
> WHERE
> email='$email'
> AND
> password=md5('$password')");
> if($row) {
> $session->param('user_data', $row);
> return 1;
> } else {
> $session->param('username', $email);
> return 0;
> }
> }
> }
>
> 1;
>
> Ive scratched the surface with CGI::App quite a few times over the years
> but always end up abandoning in favor of just coding as I get caught on
> these problems, but Im starting to see more and more its benefits,
> really just Perl's OO benefits in general. Any advice and help
> appreciated.
>
> Scott
>
>
> ---------------------------------------------------------------------
> Web Archive: http://www.mail-archive.com/[email protected]/
> http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[email protected]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
