Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I've got a kind of unique situation with a set of CGI scripts I'm working on. The first script that a user interacts with is a login script. The transaction is encrypted via SSL--that is, the script is being served from https://(ip address). The login script sets a cookie, then redirects the user to an *unsecured* script served from the same server--i.e. http://(same ip address). I need the unsecured script to be able to read the secured script's cookie. Here's the twist though--the server doesn't have a domain name. It's on a private LAN, so the only way for a browser to reach it is by typing in its IP. Is there a way I can use the domain field of CGI::Cookie to ensure that both scripts (and other numerous unsecure scripts) can read the cookie? If I just leave out the domain argument, the unsecure script doesn't seem to be able to read the cookie.

Re: Cookies using IP instead of Hostname
by tachyon (Chancellor) on Jul 22, 2001 at 12:20 UTC

    Have you tried just using the IP address as the domain:

    use CGI;
    my $query = new CGI;
    my $cookie = $query->cookie(
        -name    => 'sessionID',
        -value   => 'xyzzy',
        -expires => '+1d',
        -path    => '/cgi-bin/',
        -domain  => '182.1.1.1'
    );
    print $query->header(-cookie=>$cookie);

    This does print the domain as the IP address in the header so will get sent to the browser. *I have no idea whether this will work* but it may and logic suggests that it could/should. It depends on how the browsers work with the domain name. Certainly easy to try. If it works with one browser you best test the others :-)

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      One clarification: I'm having to do this without using CGI::Cookie, so I just do print "Set-Cookie: blahblahblah" instead. I had tried using just the IP before and it didn't work--in fact, I was having trouble getting any cookie at all to set. I just realized that I was leaving out the "expires" and "path" fields though. Seems to work fine when I put those fields in, even if they're blank. Thanks!
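
As an added example (not code from the thread): a hand-built Set-Cookie header for the case discussed above, where the host is a bare IP address and CGI::Cookie is not used, plus the reading side for the plain-http scripts. The helper names, the one-day lifetime and the sample values are assumptions; a cookie without the Secure attribute is also sent on http requests, so the session ID crosses the LAN unencrypted.

```perl
use strict;
use warnings;

my @DAY = qw(Sun Mon Tue Wed Thu Fri Sat);
my @MON = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);

# Format an epoch time as an HTTP date (GMT), independent of the locale.
sub http_date {
    my @t = gmtime(shift);
    return sprintf '%s, %02d %s %04d %02d:%02d:%02d GMT',
        $DAY[$t[6]], $t[3], $MON[$t[4]], $t[5] + 1900, @t[2, 1, 0];
}

# Build one Set-Cookie header line by hand. All argument names are
# illustrative; host is the host part of the URL, without a port.
sub set_cookie_header {
    my (%arg) = @_;
    my ($name, $value, $host) = @arg{qw(name value host)};
    die "bad cookie name\n"  unless $name  =~ /\A[A-Za-z0-9_.-]+\z/;
    die "bad cookie value\n" unless $value =~ /\A[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*\z/;

    my @attr = ("$name=$value");
    push @attr, 'Expires=' . http_date(time + $arg{ttl})
        if defined $arg{ttl};
    push @attr, 'Path=' . ($arg{path} // '/');
    # An IP literal only ever matches itself, so leave Domain off and let
    # the browser keep a host-only cookie; send Domain only for a hostname.
    my $is_ip = $host =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/ || $host =~ /:/;
    push @attr, "Domain=$host" unless $is_ip;
    # No Secure attribute here, because the http scripts must receive the
    # cookie. HttpOnly keeps page scripts from reading the session ID.
    push @attr, 'HttpOnly';
    return 'Set-Cookie: ' . join('; ', @attr);
}

# Parse the Cookie request header (what a CGI script sees in HTTP_COOKIE).
sub read_cookies {
    my ($raw) = @_;
    my %jar;
    for my $pair (split /;\s*/, $raw // '') {
        my ($k, $v) = split /=/, $pair, 2;
        $jar{$k} = $v if defined $k && length $k && defined $v;
    }
    return \%jar;
}

# Constructed sample values: the IP and cookie from the reply above.
print set_cookie_header(name => 'sessionID', value => 'xyzzy',
    host => '182.1.1.1', ttl => 86400, path => '/cgi-bin/'), "\n";
print "sessionID=", read_cookies('sessionID=xyzzy; theme=dark')->{sessionID}, "\n";
```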