comment on

Sure, there's all sorts of ways to do that. Essentially, you want to securely encrypt the cookie with a secret that only your script knows. That way only your script can decrypt the data in the cookie.

The first thing you need is an encryption routine. There are several in the Crypt:: family that will do the job. Crypt::DES_EDE3, Crypt::Rijndael, or Crypt::IDEA are straightforward to use and widely believed to be secure. If you have a lot of data you want to encrypt (more than about 50 characters), you'll want to use Crypt::CBC to encrypt larger amounts (the encryption modules I suggested are block ciphers, and can only work on a chunks of data of a fixed size)

That will encrypt your data; now you need to encode it in a way that it will make a reasonable cookie. MIME::Base64 is a good way to do that.

So, if you create your cookie by encrypting it and base64-encoding it, to get the data back you'll simply base64-decode it, then decrypt it with the secret key, and you have the data back. I've done this for a few projects, and it works quite well.

In reply to Re: Perl Cookie Encryption by sgifford
in thread Perl Cookie Encryption by JoeJaz

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


"be consistent"
	PerlMonks