submersible_toaster has asked for the wisdom of the Perl Monks concerning the following question:
Fellow monks,
I am hoping someone can point out the error(s) of my way here. I am using an html form to POST two values 'user' and 'pass' to a validation script, which sets a cookie called 'id' (if the user is valid) and returns a link to the main cgi that requires the cookie
Security pundits - I know this is frightfully insecure to send 'pass' in this manner , I believe it's as bad as an ftp site without strong auth, or telnet. I have read Ovid's offsite cgi tutorials (recommended). For the moment I am trying to get cookies to work at ALL, before trying to secure them.
so the validator looks like
#!/usr/bin/perl -wT use strict; use CGI; my $q= CGI->new(); my $name = $q->param('name'); my $password = $q->param('password'); while ( my($u , $p ,,) = getpwent ) { if ($name eq $u) { my $salt = substr($p,0,2); my $check = crypt ($password, $salt); if ($check) { # yes yes, it's always true - FOR NOW! &success; } else { &fail }; } } &fail; exit(0); sub fail { print $q->header('text/html'), $q->start_html(-title=>'Unsuccessful Login'), $q->a({href=>'http://proxy/testform.html'} ,'Return to Login P +age'), $q->end_html; exit(0); } sub success { my $cookie = $q->cookie(-name=>'id', -value=>$name , -expires=>'-1h'); print $q->header(-type=>'text/html', -cookie=>$cookie), $q->start_html(-title=>"Welcome $name"), $q->a({href=>'http://proxy/cgi-bin/view/browse.pl?test=1'}, 'P +roceed to Viewing Area'), $q->end_html; exit(0); }
I am certain that this is setting a cookie, IE warns me and I accept the cookie. But when browse.pl runs
#!/usr/bin/perl -wT use strict; use CGI; use Data::Dumper; my $q= CGI->new; my $cookie = $q->cookie('id'); #This keeps returning undef
Apache documentation is pretty sparse , and indicates that cookie problems are generally script or client based, the system I am running on is RH7.3, perl 5.6.1 , apache 1.3.26
$row x 3 , $boat->your;