Gossamer Forum

password persistence with cgi::session

password persistence with cgi::session
Hi,

I'm fairly new to Perl/CGI and am trying to set up a website with a MySQL back end. I know there's a database forum but I think my question is more CGI-related.

My question is how or where do I store successful login info (i.e. username and password) when a user logs in to the MySQL database using a web form?

I want the user to be able to log in and be able to view/edit their profile and other data relating to that user, using web forms and CGI.

I just can't figure out how to store the successful login info to use to connect to the database for each query.

- cookies? (I've read you shouldn't store a password in one)
- cgi::session? (I've also read I shouldn't store a password in a session object)

I'd be enormously grateful and appreciative of any help.

Thanks.
Re: [granted] password persistence with cgi::session
Hey granted,

Quote:
- cookies? (I've read you shouldn't store a password in one)
- cgi::session? (I've also read I shouldn't store a password in a session object)

Both* :) *but I don't store the user name or password in either. What I do is store the session id in the cookie. I then retrieve the session ID from the cookie to grab the session from the DB. In the session I just store the ID of the user, not the username and/or password. With that ID I can load the profile of the user for each instance or as needed.

If you end up using CGI::Session be sure to check out all the docs including the CookBook, specifically the Members Area section.

~Charlie
Re: [Chaz] password persistence with cgi::session
Thanks Chaz...

I *kind of* follow you, but when you grab the session from the DB (using the session ID in the cookie) doesn't that require you to connect to the DB (meaning you need the username/password)?

Maybe I'm confused with what a 'session' is.

Does a session stay active after disconnecting from the database following a query/transaction? If so, does this mean I don't need to check the uname/pword for each connection, as long as the session is active? (i.e. I only need to check that the session is active by a valid session ID)

Sorry but I still can't get my head around this.

Thanks.
Re: [granted] password persistence with cgi::session
Take a look at the module cgi::session -
http://search.cpan.org/...sion-3.95/Session.pm
It has support for mysql with cgi::session::mysql -
http://search.cpan.org/....95/Session/MySQL.pm
There is a good example of member management in the cookbook -
http://search.cpan.org/.../Session/CookBook.pm
I also use cgi::session::expiresessions which I run once a day just to keep the session table tidy.

Another one you may like to take a look at is -
http://search.cpan.org/.../lib/HTTPD/Authen.pm

Bob
http://totallyfreeads.com.au
Re: [granted] password persistence with cgi::session
In Reply To:
I *kind of* follow you, but when you grab the session from the DB (using the session ID in the cookie) doesn't that require you to connect to the DB (meaning you need the username/password)?

Yes, but it depends on how you set it up. With CGI::Session you can either pass in the login credentials for the DB or a DBH object. You wouldn't be sending in the user's username and password on each request. Your login script would verify the username vs. password once and set the cookie with the session ID. At the same time you would store the user's ID in the session. When your apps see that user you just pull the session ID from the cookie to load your session. Then you can get the user ID from the session to get the user info (or whatever else you need). I think you are confusing DB credentials with user credentials here a little bit.

In Reply To:
Does a session stay active after disconnecting from the database following a query/transaction?

The session is active for the life of the script instance. This of course depends on the scope of the session object in your script. So that means the session is reincarnated (from the session ID stored in the cookie) pretty much every time a user does something involving one of your scripts.

In Reply To:
If so, does this mean I don't need to check the uname/pword for each connection, as long as the session is active? (ie. I only need to check that the session is active by a valid session ID)

That sounds about right. Again, you would only check the user/pass upon signon, then set the cookie with the session ID. From that point forward the user's ID would be stored in the session.

The docs for CGI::Session that Bob and I both posted should also help clarify things a bit. The first part of this POD should help out quite a bit too: http://search.cpan.org/.../Session/Tutorial.pm

~Charlie
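The flow Charlie describes in both of his replies (verify the password once, put only the user's ID in the session, put only the session ID in the cookie, and connect to MySQL with the application's own DB credentials) as one script. This is an added example, not code from the thread or from the CGI::Session distribution. It assumes the CGI::Session 4.x API (`new`/`load`, `is_empty`, `is_expired`), a CGI.pm recent enough to accept `-httponly`, a `users` table with `id`, `username`, `salt` and `pw_hash` columns, the default `sessions` table that CGI::Session::MySQL expects, and DB credentials in the environment variables `APP_DB_NAME`, `APP_DB_USER` and `APP_DB_PASS`; all of those names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread): CGI::Session login flow that keeps
# the user's password out of both the cookie and the session.
use strict;
use warnings;
use CGI;
use CGI::Session;
use DBI;
use Digest::SHA qw(sha256_hex);

# The DB credentials belong to the application, not the visitor. They are
# read once from the environment (assumed variable names) and never placed
# in a cookie or a session record.
my $dbh = DBI->connect(
    "DBI:mysql:database=$ENV{APP_DB_NAME};host=localhost",
    $ENV{APP_DB_USER}, $ENV{APP_DB_PASS},
    { RaiseError => 1, AutoCommit => 1 },
);

my $cgi = CGI->new;

# Compare a submitted username/password with the stored salted hash.
# Returns the user's numeric id on success, undef otherwise.
sub verify_credentials {
    my ($dbh, $username, $password) = @_;
    my $row = $dbh->selectrow_hashref(
        'SELECT id, salt, pw_hash FROM users WHERE username = ?',   # assumed table
        undef, $username,
    );
    return unless $row;
    my $candidate = sha256_hex($row->{salt} . $password);
    return $candidate eq $row->{pw_hash} ? $row->{id} : undef;
}

# Create a brand-new session on successful login (never reuse an id the
# browser already sent), store only the user id in it, and build the cookie.
sub start_session {
    my ($cgi, $dbh, $user_id) = @_;
    my $session = CGI::Session->new('driver:MySQL', undef, { Handle => $dbh })
        or die CGI::Session->errstr;
    $session->param('user_id', $user_id);
    $session->expire('+1h');    # idle timeout enforced by CGI::Session
    $session->flush;            # write the record to the sessions table now
    my $cookie = $cgi->cookie(
        -name     => $session->name,   # CGISESSID by default
        -value    => $session->id,
        -path     => '/',
        -httponly => 1,                # not readable from page scripts
        -secure   => 1,                # only sent over HTTPS
    );
    return ($session, $cookie);
}

# For member pages: rebuild the session from the cookie's session id and
# return the stored user id, or undef if there is no valid, unexpired session.
sub current_user_id {
    my ($cgi, $dbh) = @_;
    my $session = CGI::Session->load('driver:MySQL', $cgi, { Handle => $dbh })
        or return;
    return if $session->is_empty || $session->is_expired;
    return $session->param('user_id');
}

if ($cgi->param('login')) {
    my $uid = verify_credentials(
        $dbh, scalar $cgi->param('username'), scalar $cgi->param('password'),
    );
    if (defined $uid) {
        my ($session, $cookie) = start_session($cgi, $dbh, $uid);
        print $cgi->redirect(-uri => '/cgi-bin/profile.cgi', -cookie => $cookie);
    }
    else {
        # Same message for unknown user and wrong password.
        print $cgi->header(-type => 'text/plain'), "Login failed\n";
    }
}
elsif (my $uid = current_user_id($cgi, $dbh)) {
    my ($name) = $dbh->selectrow_array(
        'SELECT username FROM users WHERE id = ?', undef, $uid,
    );
    print $cgi->header(-type => 'text/plain'), "Welcome back, $name\n";
}
else {
    print $cgi->header(-type => 'text/plain'), "Please log in\n";
}
```

The password is checked exactly once, in `verify_credentials`; every later request only proves possession of a session id, which CGI::Session maps back to a `user_id` through the DB handle the application already holds. Digest::SHA is used here only because it ships with core Perl; for a production site a deliberately slow password hash (bcrypt via Crypt::Eksblowfish::Bcrypt, for example) is the better choice.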