RayStreet
Deleted
Mar 14, 2000, 3:17 PM
Post #2 of 4
(353 views)
|
Be careful about storing the passwords and just reusing them - somebody other than the actual user could just go into the admin panel and start doing things - a big security issue.
If you are going to store a password in a cookie then don't store the actual password - store the password in an format because if somebody looks at the cookie and can see the actual password then it's a good bet that the user uses the same password for everything so you've opened up a huge security breach.
I personally don't have a problem with forcing the user to enter a password - saving a previous password is maybe OK if you're on a home PC but a business machine is different.
Anyway, that's your decision so this is roughly what you need to do to set up the password cookie.
$value = "junk=$username@$password;
$name = "passcookie";
print "Set-Cookie: ";
print ($name, "=", $value, "\n");
The cookie is stored with the username and password separated with an @ symbol.
Then to get the password cookie back something like this.
$hascookie = 0;
if ($hascookie = defined($ENV{'HTTP_COOKIE'})) {
$hascookie = 0;
@allcookies = split (/; /,$ENV{'HTTP_COOKIE'});
foreach $allcookie (@allcookies) {
($name,$junk,$details) = split (/=/,$allcookie);
if ($name eq "passcookie") {
$hascookie = 1;
last;
}
}
}
The above processing handles the case where you may have multiple cookies running around.
$hascookie is set if the cookie was found and the data is in the $details variable - just split it on the @ symbol.
Hope this makes some kind of sense.
|
MAIN
SEARCH
WHO'S 
LOG 