in reply to Authenticate with Cookies
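# Check or generate the MAC authentication information.
#
#   $state  - hash ref holding TIME, ODNAME and USRNAME (plus MAC when checking)
#   $action - 'check'    : true when $state->{MAC} equals the recomputed MAC
#             'generate' : stores the recomputed MAC in $state->{MAC}, returns it
#
# Returns undef when $state is not a reference or $action is neither value.
#
# NOTE(review): the MAC is a hand-built MD5(SECRET . MD5(SECRET . fields)).
# HMAC-SHA256 (e.g. Digest::SHA::hmac_sha256_hex) is the modern replacement.
# It is not swapped in here because that would invalidate cookies already
# issued and needs an import outside this block.
# NOTE(review): the three fields are joined with no separator, so different
# (TIME, ODNAME, USRNAME) triples can concatenate to the same string and share
# a MAC. A separator that cannot occur in the fields, or length-prefixing,
# removes the ambiguity. Changing it also invalidates issued cookies.
sub MAC {
    my ($state, $action) = @_;
    return undef unless ref($state);
    $action = '' unless defined $action;

    my @fields = @{$state}{qw(TIME ODNAME USRNAME)};
    my ($newmac) = MD5->hexhash(SECRET . MD5->hexhash(join '', SECRET, @fields));

    if ($action eq 'check') {
        my $given = $state->{MAC};

        # A missing or wrong-length MAC can never match; reject it without
        # an "uninitialized value" warning.
        return '' unless defined $given && length($given) == length($newmac);

        # Compare every byte regardless of where the first mismatch is, so
        # the time taken does not reveal how much of the MAC was correct.
        my $diff = 0;
        $diff |= ord(substr($given, $_, 1)) ^ ord(substr($newmac, $_, 1))
            for 0 .. length($newmac) - 1;
        return $diff == 0;
    }

    return $state->{MAC} = $newmac if $action eq 'generate';
    undef;
}

# Save the current state.
#
# Adds a MAC to $state, serialises the hash as "key:value:key:value...",
# encrypts it with $CIPHER and returns a CGI::Cookie scoped to /cgi-bin.
#
# NOTE(review): the ':' serialisation cannot represent a key or value that
# itself contains ':'; get_state() will mis-pair such a cookie and reject it.
# Confirm that ODNAME / USRNAME are validated elsewhere to exclude ':'.
# NOTE(review): the cookie is issued without -secure or -httponly. For an
# authentication cookie both are normally wanted; confirm the site is served
# over HTTPS before adding -secure.
sub save_state {
    my $state = shift;
    MAC($state, 'generate');    # add MAC to the state

    # encrypt the cookie
    my $encrypted = $CIPHER->encrypt_hex(join ':', %{$state});
    return CGI::Cookie->new(
        -name  => COOKIE_NAME,
        -path  => '/cgi-bin',
        -value => $encrypted,
    );
}

# Retrieve an existing state.
#
# Returns a hash ref for a cookie that decrypts, parses into key/value pairs
# and carries a valid MAC. Returns undef when no cookie was sent. A cookie
# that fails any check is reported through authentication_error().
sub get_state {
    my $cookie = CGI::cookie(COOKIE_NAME);
    return undef unless $cookie;

    # decrypt the cookie; the value is attacker-controlled until the MAC
    # check below has passed
    my $plain = $CIPHER->decrypt_hex($cookie);

    # Limit -1 keeps trailing empty values, so a state whose last value is
    # empty still splits into complete pairs.
    my @pairs = defined $plain ? split(/:/, $plain, -1) : ();

    # An odd number of elements cannot be a serialised hash: treat it as
    # tampering instead of building a hash with a dangling key.
    if (@pairs % 2) {
        authentication_error();
        return undef;
    }

    my %state = @pairs;
    unless (MAC(\%state, 'check')) {
        authentication_error();

        # Fail closed: if authentication_error() returns instead of exiting,
        # the unauthenticated state must not reach the caller.
        return undef;
    }
    return \%state;
}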