CGI::Widget::Tabs exposes login credentials in url.

hesco has asked for the wisdom of the Perl Monks concerning the following question:

I've got an application I've built with CGI::Session::Auth to handle user login, etc. Yesterday I added in CGI::Widget::Tabs to facilitate navigation. That work is proceeding fine, however I'm now getting my login credentials included in the url. What pray tell, might I do to prevent this? If I go $q->delete('login_name','login_password'), my user has to re-login on every invocation. And it appears to lose its session.

But I would rather POST my requests and have a clean url, than GET them and look at this ugly stuff. Would CGI::Widget::Tabs somehow support that? If not, what are my alternatives?

-- Hugh

if( $lal && $lol ) { $life++; }

Comment on CGI::Widget::Tabs exposes login credentials in url.

Replies are listed 'Best First'.
Re: CGI::Widget::Tabs exposes login credentials in url. by CountZero (Bishop) on Jun 11, 2008 at 05:26 UTC
It is difficult to say without seeing some minimal code that shows this strange behaviour. The only thing I can think of is that CGI::Widget::Tabs expects a CGI-object of the CGI or CGI::Minimal class and CGI::Session::Auth expects a CGI-object of the CGI or CGI::Simple class. What kind of CGI-object do you use? May be there is some interference between these different objects which forces all parameters into the open? CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James	[reply]
Re^2: CGI::Widget::Tabs exposes login credentials in url. by hesco (Deacon) on Jun 11, 2008 at 08:25 UTC
`my $q = CGI->new();` [download] Actually: `my $obj->{'q'} = CGI->new();` [download] I've never actually used CGI::Minimal or CGI::Simple. I've stuck with my tried and true tools. -- Hugh if( $lal && $lol ) { $life++; }	[reply] [d/l] [select]
Re: CGI::Widget::Tabs exposes login credentials in url. by Anonymous Monk on Jun 11, 2008 at 07:41 UTC
If I go `$q->delete('login_name','login_password')`, my user has to re-login on every invocation. And it appears to lose its session. If you consult the manual, sessionCookie() For the session to be persistent across page requests, its session ID has to be stored in a cookie. This method returns the correct cookie (as generated by CGI::cookie()), but it remains the duty of the CGI application to send it.	[reply] [d/l]
Re: CGI::Widget::Tabs exposes login credentials in url. by Anonymous Monk on Jun 11, 2008 at 07:59 UTC
If I go `$q->delete('login_name','login_password')`, my user has to re-login on every invocation. And it appears to lose its session. CGI::Session::Auth should provide you with a method to delete those, its worth mentioning to the author.	[reply] [d/l]