Perl Dancer Session Cookies

I am just starting out with Dancer::Session::Cookie, and I have run into some behavior that I am not expecting. I put together a simple Perl Dancer app to authenticate using Authen::Simple::ActiveDirectory. My routes are below.

package auth;
use Dancer ':syntax';
use Authen::Simple::ActiveDirectory;

our $VERSION = '0.1';

get '/' => sub {
    template 'index', {user => session->{user}};
};

hook 'before' => sub {
    if (! session('user') && request->path_info !~ m{^/login}) {
        var requested_path => request->path_info;
        request->path_info('/login');
    }
};

get '/login' => sub {
    # Display a login page; the original URL they requested is available as
    # vars->{requested_path}, so could be put in a hidden field in the form
    template 'login', { path => vars->{requested_path} };
};

post '/login' => sub {
    # Validate the username and password they supplied
    my $ad = Authen::Simple::ActiveDirectory->new( 
        host      => 'host',
        principal => 'example.com'
    );

    if ($ad->authenticate( params->{user}, params->{pass} )) {
        session user => params->{user};
        redirect params->{path} || '/';
    } else {
        redirect '/login?failed=1';
    }
};

get '/logout' => sub {
    session->destroy;
    redirect '/';
};

true;

I am able to successfully log in and create a session. My username is placed on the main page after login, and I have a link to the /logout route. When I click on that link, the route is executed (I confirmed this in the debugger), but I am returned to the main page with my username still displayed. I would expect to be returned to the login page since no session exists. Any ideas why Dancer is behaving this way? Have I misunderstood how sessions work?

I haven't used Dancer::Session::Cookie before, but it looks like the destroy method isn't right - it's just deleting the cookie entry from the parsed hash on the server end, but that doesn't ever get communicated back to the browser.

In place of the call to session->destroy try this:

cookie session->session_name => '', expires => '-1 day';

That's the belt-and-suspenders approach - it empties the cookie and sets the expiration time to occur in the past.
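
The behaviour the answer describes, as a constructed model in core Perl. It is an added example, not code from the original post or from Dancer, and the cookie name `dancer.session`, the sub names and the sample cookie value are assumptions. It compares a logout that only clears the server's parsed copy with one that also sends an expired cookie back to the browser.

```perl
# Constructed model, core Perl only: a cookie jar and a cookie-session server.
use strict;
use warnings;
use Time::Local qw(timegm);

my $NAME = 'dancer.session';    # assumed cookie name
my @DAY  = qw(Sun Mon Tue Wed Thu Fri Sat);
my @MON  = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my %MON; @MON{@MON} = 0 .. 11;

# Server: the session is whatever the request's Cookie header carries.
sub current_user {
    my %c = map { split /=/, $_, 2 } split /;\s*/, shift;
    return $c{$NAME};
}

# Logout as the answer describes destroy: server-side only, no Set-Cookie.
sub logout_server_only { return [ Location => '/' ] }
# Logout as the answer suggests: empty value, expiry one day in the past.
sub logout_expire_cookie {
    my @t = gmtime( time - 86400 );
    my $when = sprintf '%s, %02d %s %04d %02d:%02d:%02d GMT',
        $DAY[ $t[6] ], $t[3], $MON[ $t[4] ], $t[5] + 1900, @t[ 2, 1, 0 ];
    return [ Location => '/', 'Set-Cookie' => "$NAME=; path=/; expires=$when" ];
}

# Browser: store each Set-Cookie, or drop the cookie if it has already expired.
sub browser_receive {
    my ( $jar, $headers ) = @_;
    my @h = @$headers;
    while ( my ( $k, $v ) = splice @h, 0, 2 ) {
        next unless lc $k eq 'set-cookie';
        my ( $pair, @attr )  = split /;\s*/, $v;
        my ( $name, $value ) = split /=/, $pair, 2;
        my ( $d, $m, $y, $H, $M, $S ) = "@attr" =~
            /expires=\w{3}, (\d\d) (\w{3}) (\d{4}) (\d\d):(\d\d):(\d\d) GMT/i;
        my $expired = defined $d && timegm( $S, $M, $H, $d, $MON{$m}, $y ) <= time;
        if ($expired) { delete $jar->{$name} } else { $jar->{$name} = $value }
    }
}

# Log in (constructed cookie value), log out, then make one more request.
sub logged_in_after {
    my ($logout) = @_;
    my %jar = ( $NAME => 'sealed-session-for-alice' );
    browser_receive( \%jar, $logout->() );
    return defined current_user( join '; ', map { "$_=$jar{$_}" } sort keys %jar ) ? 1 : 0;
}
printf "destroy only:   logged in = %d\n", logged_in_after( \&logout_server_only );
printf "expired cookie: logged in = %d\n", logged_in_after( \&logout_expire_cookie );
```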
