I am working on a perl routine to let users login and out of my site. I use CGI::SESSION to keep the sessionid and loggedIn status. From static pages I use SSI to call logButton.cgi to show either a Logon or Logoff button.This seems to work fine.
Pages that are created by cgi-programs calls logButton.pl, which is basically a copy of logButton.cgi - just without all the cgi-stuff. This works OK as long as the cgi-program is in the same directory as logButton.cgi. But when called from a cgi program in another directory it looses the session an therefor logs itself off.
Can anybody tell me why this happens? I hope my description is clear enough :confused:

Please post your code.

OK, this is it, quite simple :

my $cgi = new CGI;
$session = new CGI::Session(undef, $cgi, {Directory=>"sessions"});
$sessionID = $session->id();
$user = $session->param('uid');
$session->expire(300);
$cookie = $cgi->cookie(CGISESSID => $session->id);
print header(-cookie=>$cookie);

I have done some searching, and I suppose that the problem is that, somehow, -the path parameter of the cookie is set to /admin when logging in.
So I tried to change the cookie creation to :

$cookie = $cgi->cookie(CGISESSID => $session->id, -path => '/');

However this makes things even worse. Now everything logs off immediatly after logging on.

use the full path in all the scripts:

Directory=>"full/path/to/sessions"

and hopefully thats all there is to it.

By the way : I tried to copy a program that failed from /cgi-bin to /admin an this makes it work nicely. Which stresses my suspicion about the path - I guess?

OK, this helped a bit, but not quite. Now the session is kept, so that programs in /admin runs properly, even after a visit to programs in /cgi-bin. So now nothing logs the user off any more. But when running a program in /cgi-bin, the button turns into a logon-button, probably because it does not find the session.
This may be some programming error, but I'm not sure what. Have to look into it.

You haven't provided enough of you code or details to be able to provide a definitive answer.

You have 2 logButton.* scripts but 1 is "without all the cgi-stuff". What does that mean?

After creating the session, each subsequent page/script needs to try to load the session data before creating a new session. Are you doing that?

It means that I have one program that runs as a SSI from all static pages (*.shtml). This is a small logButton.cgi that does nothing but returns either a Logon or a Logoff button.
But when a page is generated by (f.ex) a calendar.cgi, the SSI statement is just returned to the browser as a comment-line and is not executed. So, instead I include a small script (.pl) into the .cgi that creates the page (f.ex a calendar program).
But in fact both logButton.cgi and calendar.cgi includes the same file. So the ony difference is that the two .cgi's are located in different directories.
I do load the session every time. In fact, this is not nescessary because CGI::SESSION remembers it even though I go to pages without retrieving the session during the session. But I have tried to print the sessionID on each page and it is correct on the pages that logs off. Although the sessionID is correct, the program can't find the session and then creates a new sessionID

Now I have discovered that it seems as if I am not allowed to set the path in the cookie.
Earlier I set the cookie like this :

$cookie = $cgi->cookie(CGISESSID => $session->id);
print header(-cookie=>$cookie);

This worked as far as the cookie got written and retrieved in the next session. But changing the first line to :

$cookie = $cgi->cookie(CGISESSID => $session->id, -path=>'/www/3013/www/admin');

results in that no cookie is longer stored. why?

look in the server error logs if you can, there might be a clue why that code fails.

Instead of doing:
$cookie = $cgi->cookie(CGISESSID => $session->id, -path=>'/www/3013/www/admin');
print header(-cookie=>$cookie);

do this:
$session = new CGI::Session(undef, $cgi, {Directory=>"full/path/sessions"});
$session->header; # this will create the cookie for you

http://search.cpan.org/~markstos/CGI-Session-4.38/lib/CGI/Session.pm#header()


After creating the session, all other pages should use load() instead of new():
my $session = CGI::Session->load() or die CGI::Session->errstr();

http://search.cpan.org/~markstos/CGI-Session-4.38/lib/CGI/Session.pm#load()

Thanks. It suddenly occurred to me, that the problem had nothing to do with the cookie. The problem is that the path to the sessions directory wasn't the full path, so when working in another directory than /admin, the program started to store the sessions in the root of the disk instead of the root of my website.
Stupid of me to not think of that :-)