CGI :: Session Exhausted Cookies and Browser Refresh

advertisements

A user enters a page in my web application. If the cookie is expired I provide the user with a link to the login page ask the user to login again. If he clicks the logout button the cookie is set to expire in the past.

    $cookie = $cgi->cookie(-name=>"CGISESSID",-value=>'', -path=>'/',-expires=>'-1d');

The cookie is being set correctly to expire in the past as seen in page info of the browser However the page doesn't know that until I click refresh

my $cookie = $cgi->cookie('CGISESSID');
if ($cookie){
        #show content
}else{
        $cookie = $cgi->cookie(-name=>'CGISESSID', -expires=>'now');
        print $cgi->header(-cookie=>$cookie);
        print "Please log in again ";
        print "<a href=\"/login.html\"> Login page </a>";
}

How can I force the page to refresh so as to delete the cookie. If I redirect the page a simple back button will display the content even if the cookie is expired.

I have login.pl and login.js set up as in http://www.ibm.com/developerworks/webservices/library/ws-simplelogin/#loginJS


On logout, you can redirect to another page:

$cookie = $cgi->cookie(-name=>'CGISESSID', -expires=>'now');
print $cgi->redirect(-uri => 'http://www.example.com/login', -cookie => $cookie);

EDIT: I think I misunderstood your question. It sounds like what you really want to do is redirect as soon as the cookie expires. This is tricky. Say our user's session expires, but they just leave the current page open in their browser. Unfortunately, our CGI script won't run again until the user sends another request, say by refreshing the page. And until they send a request, we won't know if their session has expired.

One possible solution is set your page to auto refresh using an HTML <meta> tag:

use CGI qw(meta);

print $q->header,
      $q->start_html(
          -head => meta( { -http_equiv => 'refresh',
                           -content => '60;URL=http://www.example.com/foo.cgi' } )
      ),
...

This will redirect to your CGI script every 60 seconds, allowing you to check the session again.

On another note, there are really much better tools than CGI.pm for developing web applications in Perl: Dancer, Mojolicious, and Catalyst, among others.