http://qs1969.pair.com?node_id=44832


in reply to Re: Login and Session Thoughts
in thread Login and Session Thoughts

I second Fastolfe's suggestion with one minor variation:

Instead of setting one cookie with the username + password, what I usually do is set two cookies with different expiry times. Username expires whenever you want, and password expires at the end of the browser session. Unless it were a low security requirement site (such as perlmonks, we aren't exactly the NSA here :)) I would never keep the full combination of usernames and passwords in the cookie at the client.

It's way too easy for someone to use the same computer later, inspect the cookies and use that information to impersonate the user. Just my US$0.02.

#!/home/bbq/bin/perl
# Trust no1!
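The two-cookie scheme described in the reply above, as an added example that is not code from the post or from the PerlMonks site itself. It uses the CGI::Cookie module: the username cookie gets an explicit expiry (30 days is an assumed value), the password cookie gets none, so the browser discards it when it exits. The HttpOnly and Secure flags, the cookie names, and the sample credentials are all this example's own choices.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Cookie;

# Build the two cookies the post describes: the username persists for
# 30 days (an assumed value), the password lives only for the browser
# session (no -expires at all), so it disappears when the browser closes.
sub login_cookies {
    my ($user, $pass) = @_;

    my $user_cookie = CGI::Cookie->new(
        -name     => 'user',
        -value    => $user,
        -expires  => '+30d',       # survives browser restarts
        -path     => '/',
        -httponly => 1,            # not readable from page scripts
    );

    # No -expires: a session cookie, dropped when the browser exits.
    my $pass_cookie = CGI::Cookie->new(
        -name     => 'pass',
        -value    => $pass,
        -path     => '/',
        -httponly => 1,
        -secure   => 1,            # only ever sent over HTTPS
    );

    return ($user_cookie, $pass_cookie);
}

# Reading them back on a later request: the username may arrive on its
# own; require both before treating the visitor as logged in.
sub check_login {
    my %cookies = CGI::Cookie->fetch;   # parses $ENV{HTTP_COOKIE}
    my $user = $cookies{user} ? $cookies{user}->value : undef;
    my $pass = $cookies{pass} ? $cookies{pass}->value : undef;
    return unless defined $user && defined $pass;
    return ($user, $pass);
}

# Emit the headers for a fresh login (constructed sample values).
my @cookies = login_cookies('bbq', 'example-password');
print "Set-Cookie: ", $_->as_string, "\n" for @cookies;
print "Content-Type: text/plain\n\n";

# Simulate the next visit after a browser restart (constructed request):
# only the username cookie comes back, so check_login() declines.
$ENV{HTTP_COOKIE} = 'user=bbq';
my @login = check_login();
print @login
    ? "logged in as $login[0]\n"
    : "username remembered, password required\n";
```

Run it from the command line to see the two Set-Cookie headers: the first carries an expires attribute, the second does not. The second half of the script shows why the split matters on a shared machine: after the browser is closed, anyone who sits down later finds only the username cookie, which is not enough to pass check_login().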