I am not too familiar with Perl, so I need advice or a pointer on where to look for the solution. Looking at the code, it uses a cookie. But I am not sure how to remove the cookie and redirect to the login page.
In PHP, which I am more familiar with, I just "unset" the session variable and redirect to the login page.
That is, when you log in, does it pop up a little window with a username and password box?
If so, then there really is no way to log out aside from restarting the browser.
If it's not using HTTP, then you'll just need to find the name of the cookie it's using and then send a new one with the "data" portion invalidated.
No HTTP authentication. It uses database authentication (mysql).
send a new one with the "data" portion invalidated.
How do I do it in Perl? Not sure what to fix. But the snippet below seems to be the cookie setting:
# Cookie named 'sessionid' carrying the admin id, sent along with the redirect below
$sessioncookie = $form->cookie(-name=>'sessionid', -value=>$adminid, -expires=>'');
#if ($sessioncookie ne $adminid) { &myheader; exit; }
$loginurl ="$script?adminid=$adminid&cf=welcome&add=1";
print $form->redirect(-url=>$loginurl, -cookie=>$sessioncookie);
I guess I should create a file with -expires=>'now', then redirect to the login page, and put the link/button in the logged-in page menu. Is this the right approach?
To log out the user, simply send a cookie that updates the value to ''. That way you can recycle the cookie, and it will effectively log out the user.
You can also send an expiration time in the past to make the browser delete the cookie after the next page load. Something like '-1h' should do.
P.S. to a1call, you really crack me up
[edited by: coopster at 3:32 pm (utc) on Jan. 16, 2006]
1. You cannot close a browser window. I, e.g., use tabbed browsing. You will simply not be allowed to close my "Browser" (tab).
IE stores each cookie in a file, which does NOT get deleted on browser close. You never know when IE is closed!
Even when you are sure that the file is deleted (which you are NOT; in fact you can be sure that the file is still there), a deleted file can be undeleted.
2. You do not know what happens on the client side. Even overwriting the cookie value is NOT enough. It has been sent to the client computer. Unencrypted.
You also have to make sure that your cookie is rendered invalid after a specific time.
-> Look into the DB, find the table with the sessionid, find the row with the session key and delete the value in your DB. And while you are there, check for a timestamp too.
And IT IS easier:
The logout script is something like this:
#
# code which makes sure $sessioncookie has no SQL injection
# and initiates $DB with the DBI module
# The value is bound as a placeholder instead of being interpolated into the SQL string
$DB->do("DELETE FROM session_data WHERE session_data.sessioncookie = ?", undef, $sessioncookie);
I will work out the solution. The package relies on a cookie to maintain the session. The cookie itself is created on the fly. To log out I have to expire the cookie and redirect to the login page (or other landing page).
Xenon001:
Thanks for the input. However, there is no session DB, so I will stick to cookie management.
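The logout flow discussed in this thread, as an added example that is not part of any post or of the package in question: a CGI.pm handler that overwrites the `sessionid` cookie with an empty, already-expired one and redirects to the login page, plus the optional server-side row deletion from the reply above. The login URL and the function names are assumptions; the table and column names are the ones used in the thread.

```perl
#!/usr/bin/perl
# logout.cgi -- added example; not code from the package discussed above.
use strict;
use warnings;
use CGI;

my $COOKIE_NAME = 'sessionid';            # cookie name from the thread's snippet
my $LOGIN_URL   = '/cgi-bin/login.cgi';   # hypothetical login page URL

# Replacement cookie: same name, empty value, expiry in the past, so the
# browser overwrites the old value and then discards the cookie. No -path or
# -domain is given, the same as in the snippet that set the cookie, so the
# browser treats it as the same cookie.
sub logout_cookie {
    my ($q) = @_;
    return $q->cookie(-name => $COOKIE_NAME, -value => '', -expires => '-1h');
}

# Server-side half, for setups that keep sessions in a table (table and
# column names as in the reply above). The value is bound as a placeholder,
# never interpolated into the SQL string.
sub delete_session_row {
    my ($dbh, $sid) = @_;
    return 0 unless defined $sid && length $sid;
    return $dbh->do('DELETE FROM session_data WHERE sessioncookie = ?',
                    undef, $sid);
}

# Build the complete HTTP response for a logout request.
sub handle_logout {
    my ($q, $dbh) = @_;
    my $sid = $q->cookie($COOKIE_NAME);      # value the browser sent, if any
    delete_session_row($dbh, $sid) if $dbh;  # skipped when there is no session DB
    return $q->redirect(-url => $LOGIN_URL, -cookie => logout_cookie($q));
}

# No database handle is passed here, matching the cookie-only setup in the thread.
print handle_logout(CGI->new) unless caller;
```

Expiring the cookie only removes it from the browser; where a session table exists, pass a connected DBI handle as the second argument so the server stops accepting the old value as well.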