Thanks this solved one problem, but revealed another.

I am finding that somehow the cokkie value for the second cookie is the name of the variable that held it rather than the actual value.

In my login script, I have the following to make the cookie:

  ($sessid,$tokcookie) = setup_session($userID, $userType);
  my $cookie = $cgi->cookie(-name => 'CGISESSID', -value => $sessid, -
+expires => "+30m");
  print $cgi->redirect(
             -location => $base_url,
             -cookie => [$cookie,$tokcookie]
            );

[download]

setup_session is a function defined at the end of the login script, storing in the session table things like user ID, user type, and other values not relevant to this question. $cookie gets the proper name and value. However, $tokcookie does not. Within setup_session, there is the following call

  my ($session,$tok_cookie) = DBUtility::get_session($cgi,$uid);

[download]

And there are the relevant parts of that function:

    $rv = CGI::Session->new('driver:mysql',$query,{ DataSource  => "db
+i:mysql:database=profitorius;host=$hostname",
                                                          User        
+=> 'xxxxxxxxxxx',
                                                          Password    
+=> 'yyyyyyyy' });


    my $hash = $pbkdf2->generate($enc_csrfp_str);
    $rv->param('enccsrfp',$hash);
    $cookie = $query->cookie(-name=>'H_VAL',
                             -value=>$hash,
                             -httponly => 1,
                             -expires => "+30m",
                             -secure  =>  1);
  return ($rv,$cookie);

[download]

$rv is the session, with the data retrieved from the DB. $enc_csrfp_str is a complex string, which includes a GUID (in string form, so only ASCII characters) and the user's ID. The variable $hash gets the encrypted value of $enc_csrfp_str, and you can see how I make a cookie out of it. Of course, this happens if the session is NEW. If the session is not new, then the hash cookie is retrieved using "$cookie = $query->cookie('H_VAL');" And we return the session object and the hash cookie. The mystery is why that cookie lozes it's name and gets a value of '$hash' rather than being made with the name H_VAL and the proper encrypted value originally put in $hash.

In reply to Re^2: Submiting multiple cookies on a redirect - how? by ted.byers
in thread Submiting multiple cookies on a redirect - how? by ted.byers

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.