CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Beginner:



Mar 9, 2000, 3:04 AM

Post #1 of 4 (921 views)
Cookies Can't Post

Hi guys.

I need to set a cookie containing a user name and password from the last time that someone logged in to an administration panel. Then I need to read it and the next time they visit their user name and password will already be in the form. But if they typed in the wrong password or user name they can do it again and it will over write the other cookie.




Mar 14, 2000, 3:17 PM

Post #2 of 4 (921 views)
Re: Cookies [In reply to] Can't Post

Be careful about storing the passwords and just reusing them - somebody other than the actual user could just go into the admin panel and start doing things - a big security issue.

If you are going to store a password in a cookie then don't store the actual password - store the password in an format because if somebody looks at the cookie and can see the actual password then it's a good bet that the user uses the same password for everything so you've opened up a huge security breach.

I personally don't have a problem with forcing the user to enter a password - saving a previous password is maybe OK if you're on a home PC but a business machine is different.

Anyway, that's your decision so this is roughly what you need to do to set up the password cookie.

$value = "junk=$username@$password;
$name = "passcookie";
print "Set-Cookie: ";
print ($name, "=", $value, "\n");

The cookie is stored with the username and password separated with an @ symbol.

Then to get the password cookie back something like this.

$hascookie = 0;

if ($hascookie = defined($ENV{'HTTP_COOKIE'})) {
$hascookie = 0;
@allcookies = split (/; /,$ENV{'HTTP_COOKIE'});
foreach $allcookie (@allcookies) {
($name,$junk,$details) = split (/=/,$allcookie);
if ($name eq "passcookie") {
$hascookie = 1;

The above processing handles the case where you may have multiple cookies running around.

$hascookie is set if the cookie was found and the data is in the $details variable - just split it on the @ symbol.

Hope this makes some kind of sense.


Mar 14, 2000, 3:19 PM

Post #3 of 4 (921 views)
Re: Cookies [In reply to] Can't Post

Oops - my typing is getting worse.

I meant to say you should store your password in an encrypted format, not just a format. There are a few encryption/scrambling progs out there for you to grab.


Mar 16, 2000, 11:00 PM

Post #4 of 4 (921 views)
Re: Cookies [In reply to] Can't Post

Hey, thanks a lot,

I'll try that out tonight. Sorry for the delay though. I've been sooo busy.



Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives