Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I've put together some PERL code for a small website I'm making. I have managed to have it take a user given username and password, and be directed to a page based on a third field "access" using MySQL tables.

What I don't have, and need, is a way to create a cookie to remember who they are when they log in.

This would serve 2 purposes: being able to use that cookie to greet them, and using the cookie as security for the pages (no cookie means they didn't log in, yadda yadda).

I've seen a lot of CGI cookie techniques, none of which I could get to work. Perhaps my Host is missing something? It would only type on the screen what I had in my .pl file.

So I need a bit of code that I can put in a .pl file that would save form info into a cookie that is not CGI, but just PERL.

Please help!

Thanks for your time.

update (broquaint): added formatting and title change (was Should be simple enough.)

Re: Looking for CGI session guidance
by Ovid (Cardinal) on Mar 03, 2003 at 22:00 UTC

    I haven't used it, but from what I can see, CGI::Session looks very easy to use. It also has a Cookbook available with samples of frequently used recipes.

    Cheers,
    Ovid

    New address of my CGI Course.
    Silence is Evil (feel free to copy and distribute widely - note copyright text)

Re: Looking for CGI session guidance
by tachyon (Chancellor) on Mar 03, 2003 at 23:25 UTC

    Set the cookie like:

    use CGI;
    my $q = new CGI;

    sub set_cookie {
        my ( $username ) = @_;
        my $cookie = $q->cookie(
            -name    => 'validated',
            -value   => $username,
            -expires => '+1h',
        );
        print $q->header( -cookie => $cookie );
    }

    This sets a cookie called 'validated' which contains the user's name and expires in one hour. If you keep resetting it, the 1 hour session continues until 1 hour of disuse.

    Check the cookie like this:

    # returns username stored in cookie if we have validated user or 0 if not
    sub validate {
        return $q->cookie('validated') if $q->cookie('validated');
        return 0;
    }

    You don't really need to put the password in the cookie, but a checksum is a good idea so it can't be spoofed. Consider how your site (won't) work if cookies are disabled. Another non-cookie approach is to use 'hidden' fields and a checksum (like the one you need to put in your cookie):

    use CGI;
    use Crypt::Blowfish;
    use Crypt::CBC;

    my $q = new CGI;
    my $c = new Crypt::CBC( 'gnuisnotunix', 'Blowfish' );
    my $MY_CGI = $q->url;    # this script's own URL, used as the form action
    my $hidden_fields = '';

    print $q->header;
    if ( validate( scalar $q->param('username'), scalar $q->param('password') ) ) {
        $hidden_fields = get_hidden_fields( scalar $q->param('username') );
        print show_database_form($hidden_fields);
    }
    else {
        error( 'Invalid username/pass' );
    }

    sub validate {
        my ( $username, $password ) = @_;
        # validate using the user/pass
        return 1 if defined $username and defined $password
                and $username eq 'foo' and $password eq 'bar';
        # alternatively validate on the hidden fields
        return 1 if validate_checksum();
        return 0;
    }

    sub get_hidden_fields {
        # escape the name so it cannot break out of the value="..." attribute
        my $username = $q->escapeHTML(shift);
        my $checksum = $c->encrypt_hex($username);
        return <<HTML;
    <input type="hidden" name="username" value="$username">
    <input type="hidden" name="checksum" value="$checksum">
    HTML
    }

    sub validate_checksum {
        # no checksum field submitted means nothing to validate
        my $checksum = $q->param('checksum');
        return 0 unless defined $checksum;
        return $c->decrypt_hex($checksum) eq $q->param('username') ? 1 : 0;
    }

    sub show_database_form {
        my $hidden = shift;
        return <<HTML;
    <form method="POST" action="$MY_CGI">
    $hidden
    blah blah
    <input type="submit" value="Submit" name="Submit">
    </form>
    HTML
    }

    # report a failure to the browser
    sub error {
        print "<p>$_[0]</p>";
    }

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
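
tachyon's reply above recommends a checksum so the cookie value can't be spoofed. As an added example (not code from this thread), one way to build such a value is an HMAC over the username and an expiry time, using the core Digest::SHA module. The secret, the `username|expiry|mac` layout and the function names `make_token`, `secure_eq` and `check_token` are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: placeholder key; use a long random secret kept only on the server.
my $SECRET = 'constructed-placeholder-secret';

# Build "username|expiry|mac". The MAC covers username and expiry together,
# so neither can be changed by the client without knowing $SECRET.
sub make_token {
    my ( $username, $ttl, $now ) = @_;
    die "unsupported username\n" unless $username =~ /\A[A-Za-z0-9_.-]+\z/;
    my $expires = ( defined $now ? $now : time ) + $ttl;
    my $mac     = hmac_sha256_hex( "$username|$expires", $SECRET );
    return join '|', $username, $expires, $mac;
}

# Compare two strings without stopping at the first differing character.
sub secure_eq {
    my ( $x, $y ) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) )
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Return the username if the token is authentic and unexpired, else undef.
sub check_token {
    my ( $token, $now ) = @_;
    return undef unless defined $token;
    my ( $username, $expires, $mac ) =
        $token =~ /\A([A-Za-z0-9_.-]+)\|(\d{1,12})\|([0-9a-f]{64})\z/
        or return undef;
    my $expected = hmac_sha256_hex( "$username|$expires", $SECRET );
    return undef unless secure_eq( $mac, $expected );    # forged or altered
    return undef if $expires < ( defined $now ? $now : time );    # timed out
    return $username;
}

# Constructed demo with fixed clock values: valid, tampered and expired tokens.
my $token = make_token( 'alice', 3600, 1_000_000 );
( my $forged = $token ) =~ s/\Aalice/admin/;
for ( [ valid => $token, 1_000_100 ], [ forged => $forged, 1_000_100 ],
      [ expired => $token, 1_004_000 ] ) {
    my ( $label, $t, $clock ) = @$_;
    my $user = check_token( $t, $clock );
    printf "%-8s %s\n", $label, defined $user ? "accepted as $user" : 'rejected';
}
```

The token would be passed as the `-value` of the `validated` cookie in `set_cookie`, and `check_token` would take the place of the bare `$q->cookie('validated')` test in `validate`.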