in reply to Re: Cookie and Session
in thread Cookie and Session

Here is the first page that is called when the "Submit" button is clicked and "User ID and Password" is passed (via the POST method):


use CGI qw/:standard/;
use CGI::Cookie;

print "<html><head>\n\r<title>Validating</title></head><body>";

if ($ENV{'REQUEST_METHOD'} eq "POST") {
    read(STDIN, $request,$ENV{'CONTENT_LENGTH'}) or die "Could not get
+ query\n";

}

@parameters = split(/&/,$request);

foreach $p (@parameters){
    $p =~ s/\+/ /g;
    ($para,$value) = split(/=/,$p);
    $para =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
    $value =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
    $PAIRS{$para} = $value;
}

if($PAIRS{"login_id"} eq("admin") && $PAIRS{"login_password"} eq("go")
+){
    $login_cookie        = new CGI::Cookie(-name=>'loginID',-value=>'a
+dmin');
    $password_cookie    = new CGI::Cookie(-name=>'loginPassword',-valu
+e=>'go');
    header(-cookie=>[$login_cookie,$password_cookie]);
    print "<script type='text/javascript'>
    <!--
        window.location = 'work_with_cookies.pl';
    //-->
    </script>";
}
else{
    print "<script type='text/javascript'>
    <!--
        window.location = 'admin_login.html';
    //-->
    </script>";
}

print "</body></html>";

[download]

And here is the Perl program that is called after creating the cookies:

work_with_cookies.pl


use CGI qw/:standard/;
use CGI::Cookie;
print ("<html><head>\n\r</head><body>");
%cookies = CGI::Cookie->fetch;
print $cookies{"loginID"};
print $cookies{"loginPassword"};
print "<hr />";
print ("</body></html>");

[download]

But I am getting nothing on the above page except the Horizontal Line. On the previous page if I use "print" before the "header" then I get the credentials as well as the other stuffs mixed with them as posted in the original post above.

I repeat my question/problem: I am not able to set cookies and fetch/use them from/on the some other page that requires to validate the credentials before displaying its contents.

Replies are listed 'Best First'.
Re^3: Cookie and Session
by chromatic (Archbishop) on Nov 03, 2011 at 18:35 UTC
    print "<html><head>\n\r<title>Validating</title></head><body>";

    Cookies must go in the HTTP header. If you print HTML first, you've given up your chance to print any HTTP headers. Print the header with any cookies first.

    if ($ENV{'REQUEST_METHOD'} eq "POST") {
    read(STDIN, $request,$ENV{'CONTENT_LENGTH'}) or die "Could not get
+ query\n";

}

@parameters = split(/&/,$request);

foreach $p (@parameters){
    $p =~ s/\+/ /g;
    ($para,$value) = split(/=/,$p);
    $para =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
    $value =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
    $PAIRS{$para} = $value;
}

    [download]

    Get rid of this code; it's buggy (I count at least three bugs and one denial of service attack) and you're already using CGI. Use its param() functions and save yourself the headache.

    Improve your skills with Modern Perl: the free book.

[reply]
[d/l]
[select]

      I have removed that line and now I am printing nothing before the "header": 

      
use CGI qw/:standard/;
use CGI::Cookie;

if ($ENV{'REQUEST_METHOD'} eq "POST") {
    read(STDIN, $request,$ENV{'CONTENT_LENGTH'});

}

@parameters = split(/&/,$request);

foreach $p (@parameters){
    $p =~ s/\+/ /g;
    ($para,$value) = split(/=/,$p);
    $para =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
    $value =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
    $PAIRS{$para} = $value;
}

if($PAIRS{"login_id"} eq("admin") && $PAIRS{"login_password"} eq("go")
+){
    $login_cookie        = new CGI::Cookie(-name=>'loginID',-value=>'a
+dmin');
    $password_cookie    = new CGI::Cookie(-name=>'loginPassword',-valu
+e=>'go');
    print header(-cookie=>[$login_cookie,$password_cookie]);
    print "<script type='text/javascript'>
        window.location = 'work_with_cookies.pl';
    </script>";
}
else{
    print "<script type='text/javascript'>
    <!--
        window.location = 'admin_login.html';
    //-->
    </script>";
}

      [download]

      Still it does not work. The "Set cookie" lines are displaying and the page is not being redirected as well. If I remove the "print" operator from the "header" statement then the page gets redirected but nothing appears thereon. I mean the cookies are not retrieved thereon.

[reply]
[d/l]

        If you're seeing the headers when you print them, then something is getting printed ahead of them. If your script isn't doing it, it's possible that your web server is sending something ahead of what your CGI script prints.

        Try fetching the page with a utility like wget, so you can see exactly what's being output. Another option is to talk directly to the HTTP server with telnet, entering a GET command and the Host header like below, followed by a blank line. That'll let you see exactly what your browser sees (assuming your server doesn't do any funny browser-header-specific stuff), with all headers first and then the text of the page.

        $ telnet my.server.com 80
Trying....
Connected to....
Escape character is '^]'.
GET /cgi-bin/myscript.cgi HTTP/1.1
Host: my.server.com

# output will come here

        [download]
[reply]
[d/l]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom