Help on cookies

kprasanna_79 has asked for the wisdom of the Perl Monks concerning the following question:

Greeting Monks,
My project uses CGI::Cookie, using which the user info is sent to client browser, and by validating this cookie i let the user to browse the site. But now there is a requirement such a way that i should not use the cookie. Is there any other way i can handle the situation without cookie.
Any one used method other than cookie.
My idea is having a hidden variable in browser and storing the userinfo encrpted way move to various page in same way.. Please guide me...
--Prasanna.K

Comment on Help on cookies

Replies are listed 'Best First'.
Re: Help on cookies by Joost (Canon) on May 19, 2005 at 14:45 UTC
If I understand you correctly, you're storing sensitive data in cookies. That is fundamentally insecure. I suggest you use CGI::Session instead (and either use a cookie or a query parameter to pass the session ID). "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]
Re: Help on cookies by smocc (Novice) on May 19, 2005 at 14:44 UTC
If I understand correctly what you're thinking about, I would say that you do not want to do that, especially if you'll be using GET links (which is the only sensible way to do it). If I were a hacker-type I could just enter the URL into my browser as `http://thisisasite.com/cgi-bin/browser.cgi?foo=bar&hiddenvalue=yes` and it would be about that simple to gain basic access to things that you probably don't want me to have access to. ---------- "We shall peck them to tomorrow, my dear."	[reply] [d/l]