Perl CGI – Session and Cookie howto
Introduction –
Almost 2 year back (today also!) I struggled a lot for implementing session and cookie in Perl CGI application. So thought to share my work with you all. I wanted to do it in my way…
Assumption, your web server ie Apache is enabled to run CGI scripts
CGI directory location – /var/application/www/cgi-bin/
Htdocs location – /var/application/www/
Perl Module direcotry – /var/application/module/
Step 1] Write Auth.pm Perl module –
Please simply copy following Auth.pm perl module for authentication using Session and Cookies…
[root@arun ~]# cat /var/application/module/Auth.pm package Auth; ### Subroutine to authenticate user sub User { my ($ref_page) = (@_); ### Session information my $sid = $ref_page->cookie("APP_SID") || undef; my $session = CGI::Session->load(undef,$sid); if ( $session->is_expired ) { print $ref_page->redirect(-location => '../arun.html');} elsif ( $session->is_empty) { print $ref_page->redirect(-location => '../arun.html');} else { print $ref_page->header();} # don't forget to create dir '/var/tmp' # with proper ownership/permission #$session = new CGI::Session(undef, $sid, {Directory=>'/var/tmp'}); ################################################# return($session->param('login_user')); } 1; [root@arun ~]#
Step 2] authe_me.pl –
authe_me.pl file is used to set cookies and verify username/password. You may use MySQL DB to store username and password. In this case you have to this file…
[root@arun ~]# cat /var/application/www/cgi-bin/auth_me.pl #!/usr/bin/perl sub BEGIN { unshift (@INC, '/var/application/module/'); } use strict; use warnings; use CGI qw(:standard); use CGI::Session; use Auth; ## our module ### Header ######################## my $page = CGI->new(); ##print $page->header(); ########## if ( $ENV{REQUEST_METHOD} eq "POST" ) { my %form; my $session_dir="/var/tmp"; my ($admin_user,$admin_password) = ("admin","arun123"); foreach my $key (param()) { $form{$key} = param($key);} ## if (($form{username}) && ($form{password})) { ### Session Details ### CGI::Session->name("APP_SID"); ## Create new session my $session = new CGI::Session(undef, undef, {Directory=>$session_dir}); ## Set cookies my $cookie = $page->cookie(-name=>$session->name(),-value=>$session->id(),-expires=>'+2h',-path=>'/'); ## Store data in session variable and save it $session->param('login_user',$form{username}); # OR ##$session->param(-name=>'login_user',-value=>$form{username}); $session->save_param($page, ["login_user"]); ## Session and Cookie expiration time is SAME. $session->expire("+2h"); #### Session Details end #### ## if login successful redirect to main.pl else login page if (($form{username} eq $admin_user) and ($form{password} eq $admin_password)) { print $page->redirect(-location => 'main.pl',-cookie=>$cookie);} else { print $page->redirect(-location => '../arun.html'); } ############################ } else { print $page->redirect(-location => '../arun.html'); } } [root@arun ~]#
Step 3] Create Login Page –
[root@arun ~]# cat /var/application/www/arun.html <html> <title>Arun Login Page</title> <!-- Form start --> <table align='center' border='1'> <form method="POST" action="cgi-bin/auth_me.pl"> <tr> <td><label>Login</label></td> <td><input name="username" type="text"></td> </tr> <tr> <td><label>Password</label></td> <td><input name="password" type="password"><br/></td> </tr> <tr> <td><input value="Submit" type="submit"></td> </tr> </form> </table> </html> [root@arun ~]#
Step 4] Create main page where Session and Cookie authentication verified – main.pl
[root@arun ~]# cat /var/application/www/cgi-bin/main.pl #!/usr/bin/perl sub BEGIN { unshift (@INC, '/var/application/module/'); } use strict; use warnings; use CGI qw(:standard); use CGI::Session; use Auth; ### Header my $page = CGI->new(); ## check authentication my $login_name=Auth::User($page); ### print $page->start_html( -title=>'Arun Main Page'); print "<h3>This is Main Page</h3></br>"; print "<br>Login Name - $login_name"; #end [root@arun ~]#
Step 5] Please access login page and try http://your_ipaddr/arun.html
Thank you,
Arun