Re: Cookie Problem

how can I tell right then if the cookie was saved on the computer?

Browsers might refuse to accept persistent cookies, but most will accept "session" cookies. To set a session cookie, don't specify an -expires date. (But do specify a -domain.)

A common trick for determining wether a browser accepts persistent cookies is to do the following:

If a persisent cookie is detected, succeed.
If no cookies are detected, try to set both a session cookie and a persistent cookie.
If a session cookie is detected, but no persistent cookie, fail.

See merlyn's article Basic Cookie Management for more detail.

Also, it's not clear from your post whether $cpassword is encrypted or note. It's unwise to store an unencrypted password in a cookie.

Comment on Re: Cookie Problem

Replies are listed 'Best First'.
Re^2: Cookie Problem by Aristotle (Chancellor) on Nov 02, 2002 at 06:23 UTC
It's unwise to store an unencrypted password in a cookie. It's unwise to store anything other than a shortlived session key hash in a cookie, period. See that same article by merlyn. Update: dws points out that many things are fine to store in a cookie; the user's preferred font size, f.ex. In short, it's fine to store information about the client on the client. You don't want to save anything that controls server side operation in a cookie, though. Makeshifts last the longest.	[reply]

Replies are listed 'Best First'.

Re^2: Cookie Problem
by Aristotle (Chancellor) on Nov 02, 2002 at 06:23 UTC

It's unwise to store an unencrypted password in a cookie.

It's unwise to store anything other than a shortlived session key hash in a cookie, period. See that same article by merlyn.

Update: dws points out that many things are fine to store in a cookie; the user's preferred font size, f.ex. In short, it's fine to store information about the client on the client. You don't want to save anything that controls server side operation in a cookie, though.

Makeshifts last the longest.

[reply]