If all you do is "encrypt" the password in a cookie, and
let the cookie all that's needed for authentication, using
of a cookie is hardly any more secure than sending the
password. If an attacker snoops the cookie, he/she can
pretent to be the user. About the only protection this
cookie scheme offers is towards the user - if she uses
the same password for different sites, an attacker can't
use the cookie (assuming the attacker doesn't know the
decryption key) to log in as the user to a different site.
Off course, discussing these kinds of schemes has hardly
anything to do with Perl. The level of protection offered
doesn't depend on the language you are creating the cookies
in.
Abigail