Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

How can I do this, Of course ill get an error, and when I refresh the page I wont but, how can I tell right then if the cookie was saved on the computer? 
  my $cookie = cookie(
                -NAME => "Matrix",
                -VALUE => "$username&&$cpassword",
               -EXPIRES => "+2y",
        -PATH => "/",
            );
  print header(-COOKIE => $cookie, -COOKIE => $cookie, );

  $cook = cookie(Matrix);
  if(!$cook) {
    push(@error, "Your browser does not accept cookies");
  }

[download]

Replies are listed 'Best First'.
Re: Cookie Problem
by dws (Chancellor) on Nov 02, 2002 at 05:27 UTC
    how can I tell right then if the cookie was saved on the computer?

    Browsers might refuse to accept persistent cookies, but most will accept "session" cookies. To set a session cookie, don't specify an -expires date. (But do specify a -domain.)

    A common trick for determining wether a browser accepts persistent cookies is to do the following:

    • If a persisent cookie is detected, succeed.
    • If no cookies are detected, try to set both a session cookie and a persistent cookie.
    • If a session cookie is detected, but no persistent cookie, fail.

    See merlyn's article Basic Cookie Management for more detail.

    Also, it's not clear from your post whether $cpassword is encrypted or note. It's unwise to store an unencrypted password in a cookie.

[reply]
      It's unwise to store an unencrypted password in a cookie.

      It's unwise to store anything other than a shortlived session key hash in a cookie, period. See that same article by merlyn.

      Update: dws points out that many things are fine to store in a cookie; the user's preferred font size, f.ex. In short, it's fine to store information about the client on the client. You don't want to save anything that controls server side operation in a cookie, though.

      Makeshifts last the longest.

[reply]
Re: Cookie Problem
by rob_au (Abbot) on Nov 02, 2002 at 06:53 UTC
    In addition to the excellent comments by dws above, I would only add that one other limitation of the Cookie mechanism of which you should be aware is that it is not possible to set and retrieve a Cookie within a single HTTP request - I only add this comment as it is not clear that you are aware of this from the code snippet provided.

    In the article from merlyn to which a link has been provided, this issue was addressed by redirecting the client browser back upon the script, with the appropriate Set-Cookie header, if the required cookie did not already exist. The relevant section of code follows:

    =25=        param("_cookiecheck", 1);   # prevent infinite loop
=26=        print redirect (-cookie => $cookie, -uri => self_url());

    [download]

    It may also be useful to read further about Cookies from the appropriate RFC document.

     

    perl -e 'print+unpack("N",pack("B32","00000000000000000000000111011000")),"\n"'

[reply]
[d/l]

Back to Seekers of Perl Wisdom