Sylvyr has asked for the wisdom of the Perl Monks concerning the following question:

Okay this is a tough and obscure one so I'm going to post as much background as I can. Even if I can't get a solution based on what I know thus far, ideas are better than nothing.

So here goes:

I've made a cookie-based authentication script. It's as simple as the login/password and session ID being stored in a cookie on the user end and the authentication script is executed each time data is submitted. If for some reason the login/pw on the user's side don't match the server side, they're booted out.

For navigation I'm simply using a "session file" to determine what's displayed on the user screen. The session file is changed depending on what's submitted to the main script. I.e.: if the user clicks on a hyperlink that's pointing to "http://website.com/cli/client.cgi?cmd=OPERATION&ident_a=123&ident_b=123"

I'll have the script update the session file to store what part of the site the user is currently visiting, and then, using SSI, send it back to the "index.shtml" page where the proper results *should be* displayed.

Okay so here's my problem:

I have a user who can connect and login to the site fine. They enter their login/pw on the form and it brings them to their member home page. However, whenever they try to submit any further data, it doesn't update on the server side. It's almost like their machine won't let them submit queries with arguments.

I know they have cookies enabled and I know they're working because of the simple fact that they are able to login, and see the proper login page with their info listed and such.

-ANY- comments, suggestions, or possible solutions would be much appreciated.

If I've left anything out or if anyone needs any more info, please don't hesitate to ask.

Thanks.

Replies are listed 'Best First'.
Re: Perl/Cookie and data transmission
by Joost (Canon) on Jun 01, 2005 at 16:53 UTC
    That sounds like a bug in your program :-)

    Is there a good reason you're not using the well-tested and easy to use CGI::Session? By the way, storing the username/password in a cookie doesn't buy you any extra security if you have a good session system. It'll probably even be a security risk if any of the other users manages to do an XSS attack. Some monk here has an example on his home-node, but I forgot who.

    Update: remember that you can't read cookies or query parameters from a script included using SSI.

Re: Perl/Cookie and data transmission
by dynamo (Chaplain) on Jun 01, 2005 at 17:57 UTC
    Do you have users who can connect, login, and successfully update the page they are on / other info?

    It's a very different problem if there are no users who can use the system properly vs. one user with an issue. If it's just the one user, I promise you that it's something related to just their user account, or their browser, etc., and it simplifies things immensely.

    On the other hand, if no one's user account is updating properly, and never has been, your debugging should focus on site logic as opposed to user data and platform stuff for the one guy.

    Could you explain more about what they are trying to do when they 'submit any further data'? I am thinking you mean change pages, but more detail might help find the problem.

      Sorry about the mix-up.

      All the other users have been able to connect AND navigate the site with the exception of the one client in question, in their office. (I can connect and navigate using their login from any other location.)

      The "client in question" can connect to the main page via the login form but is unable to navigate from there.
      It seems like whenever they try to submit any arguments it doesn't work. I.e.: client.cgi?arg1=123&arg2=321

      Are there any browser, software, or even firewall specific settings that would prevent someone from submitting data in the form of an argument? Or maybe any other software/hardware specific settings? We've tried from multiple computers in their office and had the same results so I'm beginning to think it could be in their network.

        It sounds to me like it could very likely be their network if only computers from inside their network (and more than one of them) are having the problem. Especially if the login works from other locations.

        As for what exactly could be the problem, here are a couple guesses:

        Maybe your client in question is running through a proxy that doesn't want to update or pass through his cookies properly.

        Maybe his browser at work has higher security settings than the machine you tested his login on elsewhere, or the settings are triggered differently based on where you login from -- for example, if you login from the same subnet as the server, perhaps that loosens restrictions.

        I can't really think of many other network-related settings. Get some debug info on the server side to help narrow down the issue: make scripts that will just dump their args and cookies back to the browser and you can see exactly what is being updated and when.

        Hope that helps.

        - P
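
One way to build the "dump their args and cookies back to the browser" script suggested in the last reply. This is an added example, not code posted in the thread; the file name dump.cgi and the helper names are assumptions. Because the design under discussion keeps the login and password in the cookie, it reports each cookie's length and a truncated digest instead of the value, and it answers as uncacheable text/plain so that nothing the client sent is rendered as markup.

```perl
#!/usr/bin/perl
# dump.cgi: hypothetical debug endpoint (added example, not the poster's code).
use strict;
use warnings;
use CGI ();
use Digest::SHA qw(sha256_hex);

my $q = CGI->new;

# Render anything outside printable ASCII as \xNN so each item stays on one line.
sub printable {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Report length and a truncated digest rather than the secret itself.
sub fingerprint {
    my ($s) = @_;
    $s = '' unless defined $s;
    return sprintf 'len=%d sha256=%s', length($s), substr(sha256_hex($s), 0, 12);
}

# text/plain: client-supplied data is never interpreted as HTML.
# no-store: an intermediary must not answer the next request from its cache.
print $q->header(
    -type          => 'text/plain',
    -charset       => 'utf-8',
    -cache_control => 'no-store',
    -expires       => 'now',
);

# If this line is identical on two successive requests, the second response
# did not come from a fresh run of this script.
printf "served at    : %s UTC (epoch %d, pid %d)\n", scalar(gmtime()), time, $$;
printf "method       : %s\n", printable($q->request_method);
printf "query string : %s\n", printable($ENV{QUERY_STRING});
printf "peer address : %s\n", printable($ENV{REMOTE_ADDR});

# Headers that proxies commonly add or alter (absent ones print empty).
printf "%-13s: %s\n", $_, printable($ENV{$_})
    for qw(HTTP_VIA HTTP_X_FORWARDED_FOR HTTP_CACHE_CONTROL);

print "\nparameters as parsed by CGI.pm:\n";
for my $name ($q->param) {    # multi_param needs CGI.pm 4.08 or later
    printf "  %s = %s\n", printable($name), printable($_) for $q->multi_param($name);
}

print "\ncookies received:\n";
for my $name ($q->cookie) {
    printf "  %s : %s\n", printable($name), fingerprint(scalar $q->cookie($name));
}
printf "  raw Cookie header: %s\n", fingerprint($ENV{HTTP_COOKIE});
```

Request it with the same query string from inside and outside the affected network and compare the two reports line by line. Remove the script from the server once the comparison is done.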