Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Re: html and cookie expiration

by tjh (Curate)
on May 05, 2003 at 13:03 UTC ( [id://255607] : note . print w/replies, xml ) Need Help??

in reply to html and cookie expiration

If I understand correctly, you're thinking of storing actual user-entered data in a cookie that gets recalled, possibly altered and stored again, or used.

Security and data integrity problems aside (and they're numerous, both in data storage in cookies, and in hidden form fields), I'd recommend:

  • Use the cookie as a session ID only.
  • Somehow, store previous pages of data server-side
  • Make sure the data is somehow associated with the session ID

This way, you can retrieve and add to or alter the data on the server, rather than the browser, and you don't have to worry about cookies expiring, cookie length restrictions, and the like.

An excellent article about just such as arrangement, by our very own merlyn, is Here. Also, a Super Search about sessions and state will show many other discussions, and some snippets, that are helpful.