CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
Timing out a session

 



demon01
Novice

Apr 12, 2010, 8:58 PM

Post #1 of 20 (3828 views)
Timing out a session Can't Post

I am running my scripts on an Apache server and I want to time out the sessions of visitors after about 30 min of non activity and require the user to re log on.

I figure I need to use CGI::SESSIONS but I would like to know just how the module ends a session.

Any help is always greatly appreciated.


7stud
Enthusiast

Apr 12, 2010, 9:49 PM

Post #2 of 20 (3819 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

close, delete, expire:

http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/Tutorial.pm#EXPIRATION


FishMonger
Veteran / Moderator

Apr 12, 2010, 9:56 PM

Post #3 of 20 (3818 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

Have you read the documentation for the module?

You could start here then read the rest of the doc and its corresponding tutorial.

http://search.cpan.org/~markstos/CGI-Session-4.42/lib/CGI/Session.pm#expire%28%29

http://search.cpan.org/~markstos/CGI-Session-4.42/lib/CGI/Session/Tutorial.pm


demon01
Novice

Apr 13, 2010, 7:01 AM

Post #4 of 20 (3810 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

I've read the documentation for Apache::Sessions and CGI::Sessions.

What I don't understand is how the session module actually closes the connection.

My site requires an userid and password but it is not part of the server username and passwords. The username and password are stored on a db and are verified by my script which then allows them to continue on to their account.

I need to be able to keep track of how long they are logged on and then automatically logged of after a certain time of no activity. Logging in would simply require the user to resubmit their username and password and not allow navigation with the back buttons. I am not a 100% sure if I am grasping the session concept.

Now I am wondering if apache::session only works if you are using the server maintained username and password.


FishMonger
Veteran / Moderator

Apr 13, 2010, 7:37 AM

Post #5 of 20 (3808 views)
Re: [demon01] Timing out a session [In reply to] Can't Post


Quote
What I don't understand is how the session module actually closes the connection.

It doesn't. The connection is closed when the called script competes.


Quote
I need to be able to keep track of how long they are logged on and then automatically logged of after a certain period of no activity.

When the user logs-in, you store the time in a session variable and possible in the DB as well. When the user logs-out, you would calculate the elapsed time and update the DB.

To automatically "log them off" after a certain time of inactivity, you'd set the session expire interval.
http://search.cpan.org/~markstos/CGI-Session-4.42/lib/CGI/Session.pm#expire%28%29


demon01
Novice

Apr 13, 2010, 8:47 AM

Post #6 of 20 (3804 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

So far I understand that. I understand how the cgi::session keeps track of the state. But what is the process by which the user is required to re log in after expire().

In other words how does the server know that I need to log in again?


7stud
Enthusiast

Apr 13, 2010, 12:14 PM

Post #7 of 20 (3796 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

What do you mean when you say 'server login'? If we are talking about cgi scripts, then a user enters a url in their browser, and then your script presents them with an html page or an html form. Your html form can have any form fields you want on it, like two fields for a username and password. There is no logging into anything. There is just a couple of form fields and a script of yours that decides what to do with those form fields.

Logging onto a server is something you do to upload files to your webhost's server, and it has nothing to do with cgi. You are given an account by your webhost, and the server has some software that processes your username and password.

Now, if you are talking about web pages, then you can do this with sessions:


Code
$s = CGI::Session->load() or die CGI::Session->errstr(); 

if ( $s->is_expired ) {
#display login form
}



(This post was edited by 7stud on Apr 13, 2010, 12:33 PM)


demon01
Novice

Apr 15, 2010, 8:34 AM

Post #8 of 20 (3770 views)
Re: [7stud] Timing out a session [In reply to] Can't Post

Thanks for your reply, 7stud.

My question refers to your second scenario.

I have a site that displays a cgi form to process a username and password and accepts it or declines it. It is not a server process.

I need the server session to log the user out and require the user to log-in again. Right now as it is the srcipt can present the log-in page but the user can just back button back to the previous page because there really never was a 'session' per se.

So I need to change my log in process to establish a real session per user and be able to end the session automatically while not allowing the previous pages to be accessed.

My question then is; session uses cookies to compare the state of a particular session id number to the corresponding state record in the server db, so now, does session compare the cookie everytime a user tries to access any part of the site and then determines if to continue with the requested page or send the user back to the sign in page, there by essentially loggin off the user?

This I can do by adding session to all my perl scripts to ensure testing against the state stored in the db, correct?


FishMonger
Veteran / Moderator

Apr 15, 2010, 8:52 AM

Post #9 of 20 (3768 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

Here's an example from one of my scripts, which is in each of the pages for the site.


Code
my $session =  CGI::Session->load; 

if ($session->is_empty || $session->is_expired || !$session->param('logged_in')) {
my $login_page = 'http://mycompany.com/cgi-bin/emailadmin/login.pl';
print $cgi->redirect($login_page);
}



demon01
Novice

Apr 15, 2010, 9:25 AM

Post #10 of 20 (3766 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

Thanks, 7stud and Fishmonger.

I just needed that info to clarify the concept in my mind.


demon01
Novice

Apr 18, 2010, 6:52 PM

Post #11 of 20 (3747 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

Here is my code for issuing a cookie:

Code
use CGI; 
use CGI::Session;
$session = new CGI::Session();
$CGISESSID = $session->id();

# Send HTTP header to browser:
print $session->header();


but here is the error I get:

Code
CGI::Session doesn't seem to be a valid CGI::Session driver. At least one method ('store') is missing at /usr/lib/perl5/site_perl/5.8.8/CGI/Session.pm line 150 
CGI::Session::_validate_driver('CGI::Session=HASH(0x5ff97e0)') called at /usr/lib/perl5/site_perl/5.8.8/CGI/Session.pm line 55
CGI::Session::new('CGI::Session') called at cgi_test_2.pl line 34


Is this error because of my script or the CGI::Session installation on the server?


(This post was edited by demon01 on Apr 18, 2010, 6:56 PM)


FishMonger
Veteran / Moderator

Apr 18, 2010, 9:05 PM

Post #12 of 20 (3739 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

You need to show us more code and point out the line that is generating the error.

Start by adding these 2 lines at the beginning of the script (after the shebang line) and fix all of the problems that they point out.

Code
use strict; 
use warnings;


Then post a short but complete script that demonstrates the problem so that we can test and point out the problem/solution.


demon01
Novice

Apr 19, 2010, 6:36 AM

Post #13 of 20 (3725 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

hee is the whole code I am using:


Code
#!/usr/bin/perl 




use strict;
use warnings;

use CGI::Carp qw(fatalsToBrowser);
use CGI qw(:standard);
use DBI;
use HTML::Entities;
use CGI::Session;
my $ENV;

my @value;
my $dir="ha";
my $session_id;
my @cookies;
my @cookie;
my %crumbs;
my $crumbs;
my $cookie;
my $user;
my $session;
my $name;
my $value;
#this writes to the browser cookie and issues a session id

#From the sign in page the cookie is sent to the browser the first time the student signs in. when the student navigates to the
#student portal page the $ENV variable gets the cookie session id and writes it to the corresponding students database.
#my $cgi = new CGI;
use CGI;
use CGI::Session;
$session = new CGI::Session();
my $CGISESSID = $session->id();

# Send HTTP header to browser:
print $session->header();




#this part reads to see if a cookie is there. When it finds a cookie it reads
#the CGISESSID, if the cookie has expired it cancels the session. May be the session id is stored in the database and looked at
#to greet the visitor, then issues a new session id which it then writes to the database leaving the cookie to expire but
#the new id is now stored in the browser and the database. This cant happen because if the session expires then the
#new session id wont match the one in the databse. The session id has to be the same, or the session is read from the
#database and writen to the browser every time the user visits, but it will expire then writen back to the cookie for it to
#expire.

if ($ENV{'HTTP_COOKIE'}) {
my @cookies=split(/;/,$ENV{'HTTP_COOKIE'});
foreach $cookie(@cookies){($name , $value)=split(/=/, $cookie);
$crumbs{$name}=$value;
print "$name $value";#$id_to_store id to store: this id is stored right off the bat. It will stay in the users database and will be used to identify the user next time he
#enters.

}
}
if ($value eq "") {

$user="Welcome";
;
#Go to body of http content and display this message.
}


I really appreciate you guys helping me on this


FishMonger
Veteran / Moderator

Apr 19, 2010, 9:08 AM

Post #14 of 20 (3717 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

Why are you doing this?

Code
if ($ENV{'HTTP_COOKIE'}) {  
my @cookies=split(/;/,$ENV{'HTTP_COOKIE'});
foreach $cookie(@cookies){($name , $value)=split(/=/, $cookie);
$crumbs{$name}=$value;


Instead of this?

Code
my $session = CGI::Session->load or die CGI::Session->errstr();


When the user logs in, set a "logged-in" session var and set that var to expire after 30 minutes instead of expiring the session.

Then each page checks the status of the logged-in var and redirects back to the login page if needed. This will allow you to keep the same session id.


demon01
Novice

Apr 19, 2010, 9:23 AM

Post #15 of 20 (3715 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

I tried that as was suggested above but then I get this:

Code
Can't locate auto/CGI/Session/load.al in @INC (@INC contains: /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi


So I found the one you see in CGI.

I tried to put an -expires but I must have been writing it wrong cause I coujld not get it to work. This is how I inserted the expire:

Code
my $cookie = $cgi->cookie(CGISESSID => $session->id, 
-expires('2h');


But it did not insert it into the cookie when I looked at the file in my browser.

I checked the server and the CGI::Session module is in the "Perl modules installed" list. I even reinstalled but kept getting the same error message.
Thanks.


(This post was edited by demon01 on Apr 19, 2010, 9:27 AM)


demon01
Novice

Apr 19, 2010, 9:44 AM

Post #16 of 20 (3707 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

I just looked at the expire line and it is wrong. But I cant seem to find the correct way.


FishMonger
Veteran / Moderator

Apr 19, 2010, 9:48 AM

Post #17 of 20 (3706 views)
Re: [demon01] Timing out a session [In reply to] Can't Post

Then your CGI::Session module installation is broken.

Is this on a server you control? If not, then you might need to talk with your web host.


demon01
Novice

Apr 19, 2010, 10:08 AM

Post #18 of 20 (3704 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

I thought so. It looks like only CGI works.

I have access to the cpanel but I can't seem to effect the installation. I will contact the web host. I'll let you know.

Thanks FishMonger, I appreciate your help.


demon01
Novice

Apr 19, 2010, 6:23 PM

Post #19 of 20 (3684 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

I was able to get my web host to fix the problem with CGI::Session and I can create and install a cookie with expire.

But now I can't figure out where to put this code in order to load the session info to test it for expiration.


Code
my $session = CGI::Session->load or die CGI::Session->errstr();


I know the code needs to go in all scripts but I cant figure out where exactly.

Thanks again.


(This post was edited by demon01 on Apr 19, 2010, 6:24 PM)


demon01
Novice

Apr 20, 2010, 10:39 AM

Post #20 of 20 (3662 views)
Re: [FishMonger] Timing out a session [In reply to] Can't Post

How does the load() method know which cookie to read from among all the cookies?

Do I need to pass the session id to the load() method so it can test to see if it is expired?

I cant find anything in the tutorial, the cookbook.pm or the documentation that states this so any fool like me can understand itCrazy

Thanks again.

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives