Home/ Questions/Q 8487903
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T21:22:56+00:00

Here is my authentication logic: sub user_logon { my ($dbh, $cgi, $cache, $logout) =

  • 0

Here is my authentication logic:

sub user_logon {
my ($dbh, $cgi, $cache, $logout) = @_;

#use Log::Log4perl qw(:easy);
#Log::Log4perl->easy_init($DEBUG);

my $session = new CGI::Session("driver:MySQL", $cgi, {Handle=>$dbh});

$session->expires("+3h");
my $auth = new CGI::Session::Auth::DBI({
    CGI             => $cgi,
    Session         => $session,
    IPAuth          => 1,
    DBHandle        => $dbh,
    #Log             => 1,
});

if($logout) {
    $auth->logout();
}
else {
    $auth->authenticate();

    if($auth->loggedIn) {
        my $user = Cherry::Schema::ResultSet::Employee::get_employee($dbh, $cache, { number => $auth->{userid} });

        if (!$user->{active}) {
            return { error => $user->{name} . ' is not an active employee.' };
        }

        $user->{cookie} = $auth->sessionCookie();
        return $user;
    }
    elsif($cgi->param('action') eq 'logon') {
        if($cgi->param('log_username') && $cgi->param('log_username')) {
            return { error => 'Your username and/or password did not match.' };
        }
        elsif(!$cgi->param('log_username') || !$cgi->param('log_username')) {
            return { error => 'Please enter a username and a password.' };
        }
    }
    else {
        return { error => 'You are not logged in' };
    }
}
}

sub handle_authentication {
my ($dbh, $cache, $config, $params, $cgi) = @_;

if(($cgi->param('auth') || '') eq 'super_user') { # for automation
    return;
}

if(($params->{action} || '') eq 'log_off') {
    user_logon($dbh, $cgi, $cache, 1); # 1 means log out
    login_form($config, 'Successfully logged out', $params->{login_url}, $params->{title});
}

my $user = user_logon($dbh, $cgi, $cache);

if(exists $user->{error}) {
    login_form($config, $user->{error}, $params->{login_url}, $params->{title});
}
elsif($user->{number}) {
    return $user;
}

}

Then in my code, every time I print a header, it looks something like this:

my $user = Cherry::Authentication::handle_authentication(
$dbh,
$cache,
\%config,
{
    action      => $FORM{action},
    username   => $FORM{log_username},
    password    => $FORM{log_password},
    auth        => $FORM{auth}
},
$cgi
);
print header( 
    -type   => 'application/json',
    -cookie => $user->{cookie}
);

The problem is that this code seems to work very well about 80% of the time. The other 20%, users are getting kicked out (and not after being stale for 3 hours).

Are there any obvious flaws in this code? Have I left any crucial code out?

If you feel is there not enough information here to give a viable solution, do you have any general suggestions on what can be done to troubleshoot these types of issues?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    With this particular problem, there was some code in play that I was unaware of.

    $cookie = CGI::Cookie->new(
    -name       => $session->name, # problem line
    -value      => $session->id,   # problem line
    -expires    => '+1y',
    -path       => '/',
    -secure     => 0,
);

my @header = (
    -cookie => $cookie,
    -type => 'text/html',
    -status     => $status
);

print $cgi->header( @header );

    The lines with the comments #problem line were assigning a new session even when one already existed.

    I installed Fiddler HTTP Debugger on the user’s computer that seemed to have the issue the most. Then, once the user was unexpectedly logged out, I reviewed the logs. I was able to find a correlation between the user visiting one url, and the unexpected log out on the next request.

    • 0