wolverina has asked for the wisdom of the Perl Monks concerning the following question:

It was suggested to me that i use cookies to store variable data in order to enable multiple scripts to access the same variable between http process's. Was wondering if perhaps someone had an example of storing variables in cookies and accessing them. -Lisa

Replies are listed 'Best First'.
Re: cookies n variables
by chromatic (Archbishop) on Nov 15, 2002 at 08:36 UTC

    The Synopsis of CGI::Cookie has an example.

    Cookies are a bit like hashes, in that there is a name and a value. Beware, though. You must first set a cookie in a response to a browser request. You cannot read the cookie until the browser makes subsequent requests, and then only if the browser accepted the cookie.

[reply]
Re: cookies n variables
by Ryszard (Priest) on Nov 15, 2002 at 11:25 UTC
    Keep in mind if you're going to be storing information in a cookie, a user can manipulate it.

    The safest way to do this, is store your information server side, and create a 'non-determinate' value as the cookie value. Hookup the non-determinate value with the data, and you can map the data between the browser and what you have stored server side.

[reply]
      You can Encrypt the cookies for safety .... there is a very good example in the MOD_PERL Book about encrypting the cookies Using MD5 and crypt modules
[reply]
        1. If you encrypt using md5, how do you expect do decrypt?
        2. If you encrypt using another scheme, how do you get back data the user has deleted from the cookie?

        There is only one truely safe way to do this, and that is to maintain state with a cookie (or hidden params) (see previous post). The information stored server side is non-volatile, any information stored in a cookie is volatile and susceptible to tampering/attack/deletion et al.

        Using a session NDV session id makes everything *that* much more safer. Of course there is safe and there is *safe*, and any solution chosen should represent the level of risk allowable for the project.

        For example a site may manage content via a cookie, and default to a default page if the cookie is not found, however a bank may use any combination of challenge/response using a 3rd party token generator (ala secure_id)...

        IMO it is *so* easy to produce a decent level of security with a NDV sess_id, and storing the information server side, why not do it? why put information into a volitile data source?

[reply]
Re: cookies n variables
by sauoq (Abbot) on Nov 15, 2002 at 07:37 UTC

    Well, you'll be best off using LWP for this. Install it if you don't have it already. Then read the docs for LWP::UserAgent, HTTP::Request, HTTP::Response, and HTTP::Cookies. That should get you started. I think there are some good examples in the docs.

    -sauoq
"My two cents aren't worth a dime.";
[reply]
Re: cookies n variables
by TexasTess (Beadle) on Nov 15, 2002 at 12:54 UTC
    I used cookies recently in a project to maintain state and store values between accesses and it worked rather well for me HOWEVER, I found the CGI::Cookie routine to be rather useless for my purposes as it is difficult to mix CGI.pm with other code that is not OO and most of mine was pure long hand. So, if you find that you have problems with the header timing you can use a javascript that writes your cookie in a blank html page that has a refresh rate set to 1. The page is written by the perl script and only appears for a brief second but performs the job marvelously. There are many examples available that illustrate how to break up cookie data easy enough once it's been written in either java or perl so you should not have a problem.... 
    if ($ENV{'HTTP_COOKIE'}) {
   @cookies = split (/; /, $ENV{'HTTP_COOKIE'});
   foreach $cookie (@cookies) {
    ($name, $value) = split (/=/, $cookie);
    $cookie_hash{$name} = $value;
   }
}

    [download]
    Google it, you'll find a ton of examples...

    TexasTess
    "Great Spirits Often Encounter Violent Opposition From Mediocre Minds" --Albert Einstein
[reply]
[d/l]

      how, exactly, is CGI.pm difficult to use with non-OO code? that doesn't make any sense to me.

      what is the problem you are referring to with header timing? i've been doing CGI programming and using cookies for years now and have never encountered a problem like that.

      finally, i really would strongly recommend not trying to reinvent the wheel and write your own cookie parser. CGI.pm does the job just fine and should be easier to read. see use CGI or die; for more on that.

      anders pearson

[reply]
[reply]
Re: cookies n variables
by cecil36 (Pilgrim) on Nov 15, 2002 at 20:58 UTC
    My boss and I were discussing how we could track outside referrals to our website. What we need to do is have a way to keep a referral ID with the user as they navagate our site from when they first enter all the way up to when they purchase a product or service. My temptation is to use a cookie and set it when the person enters. My boss is saying that people may have cookies disabled, and we need a way to track them as well. I said in response that in that case, we need to figure out what percentage of people who visit our site have cookies disabled and decide if it's going to be worth forgetting about those people. Is there a solution where we can track all the visitors to our site back to wherever they were referred from, regardless of whether or not they're accepting cookies?
[reply]
      There are any number of ways to store this information and cookies would not have come to my mind as a solution to your problem. You need a record of $ENV{HTTP_REFERER} for each visitor so write it to a flat file on the server or store it in a database table if you have db access.
      HTH,
      jg
      _____________________________________________________
      "The man who grasps principles can successfully select his own methods.
      The man who tries methods, ignoring principles, is sure to have trouble.
      ~ Ralph Waldo Emerson
[reply]
[d/l]
        Except I have found that many times that $ENV{HTTP_REFERER} has been blocked by a filtering proxy more frequently than cookies have been disabled.

        -Waswas
[reply]
Re: cookies n variables
by kiat (Vicar) on Nov 16, 2002 at 09:10 UTC
    Hi Lisa,

    You can try the code below, which stores a cookie if it's not already present and retrieves it if it is:

    #!/usr/local/bin/perl

use CGI qw(:standard);

#get the cookie
my $thiscookie = cookie('cookie');

if ($thiscookie) {
  msg("Cookie found: $thiscookie\n", '');
}
else {
  my $value = 'camel';
  my $cookie = cookie(-name => 'cookie', -value => $value);
  msg("Cookie set: $value", $cookie);
}

sub msg() {
  my ($msg, $cookie) = @_;
  if ($cookie) {
    print header(-cookie => $cookie);
  }
  else {
    print header();
  }
  print "<html>\n";
  print "<head>\n";
  print "<title>Cookie set....</title>\n";
  print "</head>\n";
  print "<body>\n";
  print "$msg<br>";
  print "</body>\n</html>\n";
  exit;
}

    [download]
    Code may not be perfect but it does give you an idea of what you want to do :)

    kiat
[reply]
[d/l]

Back to Seekers of Perl Wisdom