in reply to Perl Sessions and Cookies - Cookie don't get passed

You might want to consider using CGI::Session to store the session data on the server instead of the client.

Re^2: Perl Sessions and Cookies - Cookie don't get passed
by Yaerox (Scribe) on Mar 05, 2015 at 15:36 UTC
    I'd like to be able to go the same way as I would in PHP. I don't get this in Perl the way I want to ...
    I rewrote my scripts using CGI::Cookie, but now I've got the problem that I can't expire the cookie when I want to. It expires according to what I configured, but in my logout script I'd like to delete the cookie immediately.

    Tomorrow I'll do a second try by using CGI::Session ...
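
An added example, not code from any poster in this thread: a logout script that combines the two ideas above, deleting the server-side CGI::Session record and overwriting the browser's cookie with one that has already expired. The storage directory and the script name are hypothetical, and the cookie name and path are assumed to match what the login script set.

```perl
#!/usr/bin/perl
# logout.cgi (hypothetical name) - added example, not from the thread.
use strict;
use warnings;
use CGI;
use CGI::Cookie;
use CGI::Session;

my $q = CGI->new;

# Hypothetical storage location; must be the one the login script uses.
my %dsn_args = ( Directory => '/var/lib/myapp/sessions' );

# load() never creates a session. It returns an empty object when the
# cookie is missing, unknown or expired, so a stray request to this
# script cannot mint a fresh session ID.
my $session = CGI::Session->load(undef, $q, \%dsn_args)
    or die CGI::Session->errstr;

unless ($session->is_empty) {
    $session->delete;    # mark the server-side record for removal
    $session->flush;     # remove it from storage now, not at object destruction
}

# The browser only drops a cookie when it receives a replacement with
# the same name and path and an expiry in the past. Without -path the
# replacement may not match the original and the old cookie survives.
my $expired = CGI::Cookie->new(
    -name     => CGI::Session->name,   # 'CGISESSID' unless changed
    -value    => '',
    -path     => '/',                  # assumption: login used path '/'
    -expires  => '-1d',
    -httponly => 1,
);

print $q->header(-type => 'text/html', -cookie => $expired);
print "<p>Logged out.</p>\n";
```

Deleting the server-side record is what actually ends the login: even if a copy of the old cookie value is replayed later, `load()` finds no matching session.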

      To prevent XSS attacks you should have a 'logged in' hidden input. Clear this input to logout, leave the Cookies as they are.

      It's been a while since I've worked with HTTP sessions, but if memory serves you should be putting the last login name into a cookie and the "this user is logged in" data into form fields or a this cookie is logged in until after on the server.

      You definitely should not be using cookies to determine if a user is logged in, that much I remember clearly. You need either server side session or form variables. Place a "good for so long" password hash into an HTML hidden input and you'll do just fine.
        To prevent XSS attacks you should have a 'logged in' hidden input.

        What does this thread have to do with XSS attacks? And how do hidden form fields "prevent" them?