cookie question

hotshot has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: cookie question by simeon2000 (Monk) on Jul 23, 2002 at 13:14 UTC
If I understand your question correctly, you are creating a cookie with CGI.pm. In another transaction, some javascript is modifying that cookie. You then want to know if perl will be able to read that new value in yet another later transaction. The answer to THAT question is yes. As long as the javascript modifies the correct cookie value, after the javascript modifies it, perl should later on be able to read back in the new value (provided, again, the correct value is specified). "Falling in love with map, one block at a time." - simeon2000	[reply]
Re: cookie question by erasei (Pilgrim) on Jul 23, 2002 at 13:06 UTC
I am by no means a cookie expert, but did some work with them a little while back. One thing you need to be really careful of is what you store in cookies. Since all of the data is stored on the users machine, they have free access to change it. Sure you can encrypt it and then store it, but if are having JavaScript change values on the client side, it could become a real security problem fast, if such things apply, and they usually do, in one manner or other. Also, most browsers have options for cookies, such as Only Allow Same Site Reading, or something like that which restricts sites from accessing any of your cookies other than those placed by that sight. I don't know that this would come into play in your case, but it never hurts to know that it might. Doing it this way would involve at least two page views in order to do anything useful. First, the user would load the page, and the cookie would be set, and the JavaScript run, and the values changed. The page would then have to be reloaded again to get the new value. That is the way I would think anyway.. there might be other ways, but none are occuring to me now. My advice: If you can set the values in Perl and store it encrypted as a cookie.. do it that way by all means. Never trust any data coming from the user.	[reply]
Re: cookie question by adamcrussell (Hermit) on Jul 23, 2002 at 12:59 UTC
This is a little unclear to me. Do you mean that you have a user agent you wrote which creates a cookie and then javascript from the page you are accessing with your user agent is supposed to set the cookies value? If that is the case then I this is fairly difficult to do. I would look into the Javascript module. I have never used it but it may solve the problem of telling perl what to do with all that nasty javascript.	[reply]
Re: cookie question by BorgCopyeditor (Friar) on Jul 23, 2002 at 16:59 UTC
FWIW, it's generally considered a bad idea to depend on javascript for essential functions (unless you're coding for an intranet environment where you know / have control over what browser and options people will be using). Is there some reason the cookie needs to be changed via javascript? I can't think of one: if it's a matter of changing it based on form input, you should use a server-side script to handle that, both because a lot of people surf with javascript disabled, and because javascript has to be viewable by the client to work, which could open up security problems, as someone has already pointed out. The shorter answer is that whatever cookie is there will, under normal circumstances, be readable by your script, whether it's created by perl, javascript, or altered by the client in a text editor. :-) IOW, this seems like a "can I use X to do Y" question, and if X = javascript, the answer is a very qualified "yes, but you may not want to do Y in that way." BCE --Your punctuation skills are insufficient!	[reply]


Just another Perl shrine
	PerlMonks