0

For an assignment I'm building a web application that starts with a user logging in. After logging in a session is created, but upon refreshing, new session IDs are being created, so state isn't being preserved. I've read about using the POST-REDIRECT-GET method to not resubmit the login form, and I'm trying to do this with my scripts. Maybe I'm misunderstanding how and what to redirect to, but this code below isn't working. It's a subroutine that is run once the user is authenticated. Any ideas of what's going wrong?

sub send_to_main {
    my $session = new CGI::Session(undef, undef, {Directory=>'/tmp'});
    $session->expires('+1d');
    my $cookie = $q->cookie(
        -name       => 'jadrn015SID',
        -value      => $session->id,
        -expires    => '+1h');
    print $q->header( -cookie=>$cookie ); 
    my $sid = $session->id;
    $session->param('user',$user); #added to make session more unique
    print $cookie;
    print $q->redirect(
         -uri=>"http://jadran.sdsu.edu/perl/jadrn015/proj1_scripts/main_app.cgi",
         -status=>302,
         -cookie=>$cookie
     );

EDIT: I am getting the 302 message back from the server, but it is being printed to my html document (I know this is because I am printing a header before I do the redirection). However, if I delete

print $q->header( -cookie=>$cookie );

Then nothing works, after logging in, my browser either says that the file is not found or it tries to download the script.

Ybarra
  • 175
  • 3
  • 12
  • 3
    What do you mean by *"isn't working"*? Does your browser get the 302 message? What is `$q`? – Borodin Feb 27 '16 at 09:48
  • $q = new CGI; When I uncomment the line "#print $q->header( -cookie=>$cookie );" the page works, but the redirect is printed onto the html document (because it is no longer the first header) and It says "OK the document has moved here" with a link. But if the line "#print $q->header( -cookie=>$cookie );" is commented out, when the user logs in it tries to download the cgi file...weird. Very new to perl, so I don't really know whats going on! Thanks for the response. @borodin – Ybarra Feb 27 '16 at 09:55
  • 1
    From [the manual](https://metacpan.org/pod/distribution/CGI/lib/CGI.pod#CGI.pm-HAS-BEEN-REMOVED-FROM-THE-PERL-CORE): *CGI.pm is no longer considered good practice for developing web applications, including quick prototyping and small web scripts. There are far better, cleaner, quicker, easier, safer, more scalable, more extensible, more modern alternatives available at this point in time. These will be documented with [CGI::Alternatives](https://metacpan.org/pod/CGI::Alternatives).* – Quentin Feb 27 '16 at 10:25
  • @Quentin: That's a useful warning, but largely irrelevant to the OP's situation. This is a question regarding a class assignment about CGI web applications – Borodin Feb 27 '16 at 10:33

2 Answers2

1
print $q->header( -cookie=>$cookie );

The above takes the cookie and outputs it in an HTTP header

print $cookie;

The above takes the cookie, converts it to a string, then outputs it in the HTTP body.

print $q->redirect(

The above generates a redirect HTTP header … but you have already started the HTTP body … so it gets output as text instead.

Don't print the text of the cookie.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • But when I take out that first line you mention "print $q->header( -cookie=>$cookie );", the code just ceases to work. Any idea why? I was just printing the cookie for test purposes, definitely gonna take it out! @Quentin – Ybarra Feb 27 '16 at 10:35
  • @Ybarra — That isn't the line I told you to take out. The line I told you to take out is `print $cookie`, which is generating the HTTP body before you finished generating the headers. – Quentin Feb 27 '16 at 10:50
  • I did take it out, it still is doing the same thing. At the bottom of my page it displays the server message, which says "OK the document has moved here," where 'here' is a link to the next cgi script, which works when I click on the link. But taking out `print $cookie` didn't change anything unfortunately. – Ybarra Feb 27 '16 at 11:07
1

As others have already pointed out, you are printing out too many things. All you should print is the redirection instruction.

print $q->redirect(
    -uri=>"http://jadran.sdsu.edu/perl/jadrn015/proj1_scripts/main_app.cgi",
    -status=>302,
    -cookie=>$cookie
);

All other print statements need to be removed.

You say:

if I delete

print $q->header( -cookie=>$cookie );

Then nothing works, after logging in, my browser either says that the file is not found or it tries to download the script.

It seems to me that this is evidence that it is working. Looks like your browser is being redirected correctly and the errors that you are seeing are down to your second URL (the one that you redirect to) being either incorrect or misconfigured.

There are a couple of simple tests that you can run to demonstrate that it's working correctly.

  1. Use curl or something like that to make the HTTP request and see that you're getting the correct 302 response. Browsers are a terrible way to debug redirection problems as they go out of their way to hide what is actually going on.

  2. Try visiting the redirection URL directly. I suspect you'll get the same problems, which will prove that the problems are down to the URL, not your redirection code.

Dave Cross
  • 68,119
  • 3
  • 51
  • 97