Re: Perl Sessions and Cookies - Cookie don't get passed

Your redirect is wrong. Always test the real output from the command line or with curl or something if your script isn’t behaving–

perl -MCGI=:all -e 'print redirect("http://some/full/uri", cookie(-nam
+e => "x", -value => "y" ))'
Status: 302 Found
Window-Target: x=y; path=/
Location: http://some/full/uri
[download]

This—Re: CGI::Application redirect loses cookie—shows redirect with cookie with CGI.

Couple other points–

Redirect URIs RFC:MUST be absolute. Most browsers do the right thing on relative ones but it’s still wrong.
No customer/user/db specific information should ever, ever, ever be in a cookie. Ever. Not even encrypted, perhaps a signed hash but that’s a different kettle of clams: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Cookies.

Comment on Re: Perl Sessions and Cookies - Cookie don't get passed Select or Download Code

Replies are listed 'Best First'.
Re^2: Perl Sessions and Cookies - Cookie don't get passed by Yaerox (Scribe) on Mar 06, 2015 at 08:12 UTC
Thanks for the other points, I'll take a look on it. I rebuilded this stuff by using CGI::Session now. It works fine, and I'm actual just saving the username and a sessionID to validate the user on every page.	[reply]