Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hey PerlMonks,

I posted a small question regarding this some time ago, but this issue was only a one off so I didnt think more about it until recently when it was reported again. What is happening, is that cookies being set on my login script are being printed to the browser, I have no idea why it is doing this and only seems to happening on a few servers. All others work fine.

My software uses Matt Wright's cookie.lib for the cookie section, here is the code for the login page: 
     print "Content-type: text/html\n";
        &SetCookies('admin',$username);
           &SetCookies('apass',"$password"); 
    print "\n";

[download]

I am at a loss :) Any suggestions? (as I said, this is only happening on a few servers)

Replies are listed 'Best First'.
Re: Cookie Headers
by grinder (Bishop) on Dec 01, 2001 at 19:21 UTC
    Matt Wright has a pretty bad name on Perl Monks, for his scripts are infamous for containing some very severe security holes. A corollary of this is that there is not a lot of expertise regarding his scripts around here. For instance, I wasn't even aware that he had a cookie-handling library.

    You would be better off consulting NMS for a series of drop-in replacements. You will be much better off in the long run. The ringleader of the project is a regular here, so you're sure to get good feedback if you have a problem.

    --
    g r i n d e r
    just another bofh
[reply]
(ichimunki) Re: Cookie Headers
by ichimunki (Priest) on Dec 01, 2001 at 19:52 UTC
    Yes. My suggestion is to switch to use the CGI module included with your Perl distribution. It has cookie handling methods that no Matt Wright script can touch in terms of usability, reliability and security.
[reply]
Re: Cookie Headers
by miyagawa (Chaplain) on Dec 01, 2001 at 19:18 UTC
    if you use mod_perl (if you don't, ignore this), put PerlSendHeader On onto httpd.conf or so.

    --
    Tatsuhiko Miyagawa
    miyagawa@cpan.org

[reply]

Back to Seekers of Perl Wisdom