Re: Loging a user out with CGI and Cookies?

You should definitely read my article on branding a browser with a cookie.

In there, I say something like: do not use the presence of a cookie to indicate a logged-in state, because the browser is free to ignore your requests to remove the cookie or expire it after a while.

Instead, simply ignore that particular cookie if it's sent in the future. This means you should use a cookie only as a key to a server-side database which shows the current state of logged-in or not.

-- Randal L. Schwartz, Perl hacker

Comment on Re: Loging a user out with CGI and Cookies?

Replies are listed 'Best First'.
Re: Re: Loging a user out with CGI and Cookies? by LiTinOveWeedle (Scribe) on Apr 17, 2001 at 02:50 UTC
Hi Merlyn, maybe I am wrong but I thing that there is litle mistake in your code. Line 34: `my $cache = File::Cache->;new({namespace => 'cookiemaker',` [download] Should be without ";": `my $cache = File::Cache->new({namespace => 'cookiemaker',` [download] This probabably happened by copying line 33. Your servant Li Tin O've Weedle mad Tsort's philosopher	[reply] [d/l] [select]
Re: Re: Re: Loging a user out with CGI and Cookies? by merlyn (Sage) on Apr 17, 2001 at 17:06 UTC
That's an artifact (read: "bug") from `pod2html`, which is why I also provide the companion `colNN.listing.txt` file in the same directory. -- Randal L. Schwartz, Perl hacker	[reply]
Re: Re: Loging a user out with CGI and Cookies? by r.joseph (Hermit) on Apr 16, 2001 at 19:34 UTC
Thanks merlyn - shortly after posting this, I broke out the latest "Web Techbniques" and re-read your article a couple times. Your right - as I was testing new ideas, I noticed that sometimes my browser did in fact ignore the cookie expiry all together. Therefore, I am going to need to implement some type of server side session info, has had been previously suggested. Thanks for all the help! r. j o s e p h "Violence is a last resort of the incompetent" - Salvor Hardin, Foundation by Issac Asimov	[reply]
Re: Re: Re: Loging a user out with CGI and Cookies? by LiTinOveWeedle (Scribe) on Apr 16, 2001 at 21:05 UTC
Merlyn was right again, but should be interesting to know which one browser has problems..... Microsoft Internet Exploder? Netsuck? I am using MSIE 5.0 (PC) and I founded some diferencies between PC and Mac version - right with cookie and redirect operations. THX Li Tin O've Weedle mad Tsort's philosopher	[reply]
Re: Re: Re: Re: Loging a user out with CGI and Cookies? by r.joseph (Hermit) on Apr 17, 2001 at 02:39 UTC
I had some problems with an older version of MSIE, but I don't remember which version. However, I found out that on IE for Mac (the latest version, 4 something I think) the browser didn't even store my cookie in the first play, which was very disconcerting because that means that the login didn't work in that browser. Very odd problem, although that was the only case in which I have had that problem. r. j o s e p h "Violence is a last resort of the incompetent" - Salvor Hardin, Foundation by Issac Asimov	[reply]