Home > Archive > PERL CGI Beginners > November 2004 > CGI::SESSION, mysql, storing session data
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
CGI::SESSION, mysql, storing session data
|
|
| Harley Davidson 2004-11-12, 8:55 am |
| Hello,
I have to send this from my hotmail account, I apologize in advance if it's
completely unreadable;)
I am using CGI::Session, storing the session data in mysql. I am able to
store the appropriate values into the id and a_session columns. However, I
am also trying to store store group information in the session record.
There doesn't seem to be much to it, but obviously I'm missing something.
The column I created is called group_list and it is text. I thought I only
needed a single line of code to accomplish this:
$session->param("group_list", $groups). But it isn't working. Any help is
appreciated.
....
if (param('login')) {
$params{username} = UnTaint_Credentials($params{username});
$params{password} = UnTaint_Credentials($params{password});
my $ldap = Net::LDAP->new ("$domain_controller" ) or die "$@";
my $mesg = $ldap->bind ("$app_account",
password => "$password",
version => 3 );
my $result = $ldap->search(
base => "DC=corp,DC=workplace,DC=com",
filter => "CN=$params{username}",
attrs => [ "distinguishedName", "memberOf" ],
scope => "sub",
sizelimit => 5);
if ($result->count > 1) {
$err = "LDAP search on supplied username returned multiple entries.";
print_html();
}
my $dn = $result->entry(0)->dn();
my $groups = $result->entry(0)->get_value("memberOf");
$result = $ldap->bind ("$dn",
password => "$params{password}",
version => 3 ) or die "I am dead";
if ($result->code == 0) {
## bind successful, create session and store group info
## remember, authorization based on group membership handled by app
my $session = new CGI::Session("driver:MySQL", undef, {Handle=>$dbh});
$session->expire('+1h');
$session->param("group_list", $groups);
$cookie = $q->cookie(CGISESSID => $session->id);
$cookie->secure('1');
}
else {
## bind failed
$err .= "Authentication Failed. Please try again.";
}
}
________________________________________
_________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
| |
| Harley Davidson 2004-11-12, 8:55 am |
| problem solved. reading the module docs like a technical manual instead of
a comic strip seemed to help;)
________________________________________
_________________________
Don’t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/...6ave/direct/01/
| |
| Chasecreek Systemhouse 2004-11-12, 8:55 am |
| On Thu, 11 Nov 2004 13:09:58 -0600, Harley Davidson
<bigstinkyhog@hotmail.com> wrote:
> problem solved. reading the module docs like a technical manual instead of
> a comic strip seemed to help;)
But you did not post the correction/solution =)
So, others may be doomed to repeat...
--
WC -Sx- Jones
http://insecurity.org/
| |
| Harley Davidson 2004-11-13, 3:55 am |
| >>But you did not post the correction/solution =)
sorry about that. The resolution was to re-read the section of the
cgi::session documentation which talks about the data table.
"Session data is stored in the form of hash table, in key value pairs...."
I thought that the first argument to the param method was the column name.
It is actually the hash name. I didn't need to create a new column. That
data was being stored in the a_session column already.
I do have another question about cgi::session though. this login script
creates a session object ONLY if authentication succeeded. the user is then
redirected to the originally requested url (another perl script). I can't
figure out how I can validate the provided sessionID WITHOUT creating a new
session record in the database. Is it possible to do so using methods
provided by the library?
I ended up having to do the following:
## redirect to login if no session id
if (!$q->cookie("CGISESSID")) {
print
$q->redirect(-uri=>'https://hostname/cgi-bin/login.cgi',-status=>302)};
my $sid = $q->cookie("CGISESSID") || undef;
my $session = new CGI::Session("driver:MySQL", $sid, {Handle=>$s_dbh});
## created a new session means bad sessionID. redirect to login
if ($session->id() ne $sid) {
$session->expire('+1s'); # will want to delete this actually
print
$q->redirect(-uri=>'https://hostname/cgi-bin/login.cgi',-status=>302);
}
________________________________________
_________________________
Don’t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/...6ave/direct/01/
|
|
|
|
|