Hi:
Thanks for observations and timely response. As for the "unknown" cookie, I am sure it is not of my origin and another "monk" suggested that my host is sending this back with each access. I have sent an email to their tech support asking this very question.
As for requesting a "secure" cookie. That was a potential problem. I copied my file with the cookie "try it" button code to my https directory and called https://www.jala-mi.org and it opened the index page there.
This was evidenced by the lack of the insecure login warning appearing from Firefox.
Clicking the "try it" button again returned the unknown cookie listing. Removing that cookie and clicking again returned no result. Try it yourself.
My logon consists of an insecure page with an iFrame which is supplied with and https delivered login form which I assume was secure.
The fact that the Firefox security warning appears suggest that the login form in the iframe is not secure.
I have posted a question on Firefox forum and they disagreed and said it was not secure. I am still disputing that.
Take note that the Firefox warning does not appear when opening the login page from rhe https location confirming that page was secure for my test.
Nonetheless, I think I have explored the avenue you suggested and this problem is not related to the secure path issue unless the fact that the path shown on the CGISESSID cookie: .www.jala-mi.org.
I looked at other cookies requiring a secure connection and the ones I looked at showed a path w/o the www as in .paypal.com .
Other unencrypted connections such as: www.paypal-community.com show the www with no dot in front of it as my cookie does. Perhaps there is something in the structure that is incorrect. I am not familiar with these issue to be able to render a judgment on this aspect.
I did a search on the module providing all the access and turned up no instances of ".www" as did the same search is all the files in the project.
As I said, I am at a loss. Below is code that sets cookie
sub SetUserSessionCookie { my ($sname,$sid) = @_; #use CGI qw/:standard/; #use CGI::Cookie; my $sessioncookie = new CGI::Cookie(-name=>$sname,-value=>$sid,-ex +pires=>$session_cookie_timeout,-path=>'/cgi-bin',-domain=>$domain,-se +cure=>1); print header(-Cookie=>[$sessioncookie],-type=>"text/html"); }
And the code calling the new cookie
warn("Hash evaluation succeded - $passhash = $passhash1 : $sess +iondata2 = $sessiondata2md5p"); my $timein = time(); $session->param('user_id',$uid); $session->param('username',$username); $session->param('forename', $forename); $session->param('lastname', $lastname); $session->param('timein', $timein); $session->param('timeout', 0); $session->param('attempts',0); $session->param('isloggedin',1); $session->expires('+7d'); # Expires($session, Now() + (86400*7)); AccessInOutLog($session); #Added 02/18/05 my $isloggedin = $session->param('isloggedin'); warn("Login User : SID '$sid' Session Logged In '$isloggedin' +"); $session->flush(); #Set session cookie on client SetUserSessionCookie('CGISESSID', $sid); my $gmtimenow = gmtime(Now()); my $localtimenow = localtime(Now()); return 3; }
In reply to Re^8: Cookie->fetch problem
by tultalk
in thread Cookie->fetch problem
by tultalk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |