stumbler has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks

I am creating some webpages and I am using the 'hidden' type of the 'input' tag to pass data from one page to another.

I came across CGI Session and found it to be a better way for data persistence.

I am thinking of storing all the required data in a hash and retrieving it using the session ID. Would it be a good approach?

Replies are listed 'Best First'.
Re: CGI Session instead of using hidden variables
by hesco (Deacon) on Dec 05, 2006 at 18:37 UTC
    Yes, that would be a great approach, and here is why:
    If you aren't passing that data back and forth with every Apache server interaction, you do not make that data vulnerable to the threats of form cracking or man-in-the-middle sniffing.

    As I recall, CGI::Session handles this out of the box, but the primary vulnerabilities left become cracking your session ID and injecting bad data through the form fields. Don't make your session IDs sequential or otherwise easily guessable and you protect your application and your users from that threat, as well. As for the injection of bad data, FormValidator is useful.

    -- Hugh

    if( $lal && $lol ) { $life++; }
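
Added example, not part of the thread: the approach discussed above, with a hash kept server-side in CGI::Session and looked up by session ID, so only the ID travels to the browser. The file driver, the temporary directory, the `order` key and the `load_order` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Session;
use File::Temp qw(tempdir);

# Constructed setup: session files live in a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
my $dsn = 'driver:file';
my $opt = { Directory => $dir };

# "Page 1": create a session and keep the form data on the server.
my $session = CGI::Session->new($dsn, undef, $opt)
    or die CGI::Session->errstr;
$session->expire('+30m');    # drop the session after 30 idle minutes
$session->param(order => { item => 'widget', qty => 2 });   # sample data
$session->flush;             # write it to storage now
my $sid = $session->id;      # the only value that has to reach the browser
# In a real CGI script, "print $session->header;" sends $sid as a cookie.

# "Page 2": look the data up again from the ID the client presents.
# load() never creates a session, so an unknown ID yields nothing.
sub load_order {
    my ($claimed_sid) = @_;
    my $s = CGI::Session->load($dsn, $claimed_sid, $opt)
        or die CGI::Session->errstr;
    return if $s->is_expired || $s->is_empty;
    return $s->param('order');
}

my $order = load_order($sid);
print "session $sid: $order->{qty} x $order->{item}\n";

my $bogus = 'f' x 32;        # constructed ID that was never issued
print "bogus ID: ", (load_order($bogus) ? "data returned" : "no session"), "\n";
```

Values that still arrive from form fields should be validated before they are stored in the session, which is the second point the reply raises.
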
Re: CGI Session instead of using hidden variables
by artist (Parson) on Dec 05, 2006 at 19:47 UTC