Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Having a cookie domain

by CodeJunkie (Monk)
on Jun 04, 2003 at 11:26 UTC ( #262951=perlquestion: print w/replies, xml ) Need Help??

CodeJunkie has asked for the wisdom of the Perl Monks concerning the following question:

Hi,
I have a CGI cookie domain question for you all.

I have 2 websites, my main site is http://www.mysite.com/ and my new site is http://www.newmysite.com. However newmysite.com is actually hosted at http://www.mysite.com/newmysite/. I have just asked my domain registar to forward to this new location and put in a frame so that it looks like it's own site, but I dont have to buy more dedicated webspace.

On my new website I have a log in page that lets people log into the website, however the domain cookie thing is giving me problems. If I look at the site from:
http://www.mysite.com/newmysite/ and have cookie dropping code that looks like this:

sub dropCookie { my ($username,$form)=@_; my $sessionID = md5_hex(md5_hex(time.{}.rand().$$)); my $value = "$sessionID\.$username"; my $cookie = $form->cookie(-name=>'sessionID', -value => $value, -path=>'/', -domain=>'.mysite.com'); print $form->header(-cookie=>$cookie) or &dieNice("Failed to put coo +kie on users computer"); return; }

It works fine, but I can't login when I go to www.mynewsite.com. I think this is because the domain is specified at .mysite.com as opposed to .newmysite.com. But it still doesn't work when I change the code to domain=>'.newmysite.com'.

I hope that all makes sense to everyone, it's not really that complicated, but I'm not sure I've explained it too well

Many thanks,
Tom

Replies are listed 'Best First'.
Re: Having a cookie domain
by arthas (Hermit) on Jun 04, 2003 at 11:32 UTC

    For security reasons, most web browsers only accept cookies coming from the domain you are browsing, and only return them to that domain.

    So, if the user is browsing www.mynewwebsite.com, you should set the cookie domain as .mynewwebsite.com, and you'll only be able to retrieve that on the server side if the user is browing that domain.

    Hope this info can be of some help to you!

    Michele.

Re: Having a cookie domain
by Bilbo (Pilgrim) on Jun 04, 2003 at 11:34 UTC

    Do you actually need to set the domain? Quoting from the CGI documentation: If no domain is speci­fied, then the browser will only return the cookie to servers on the host the cookie originated from. Is this what you want it to do?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://262951]
Approved by arthas
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (3)
As of 2020-06-02 16:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you really want to know if there is extraterrestrial life?



    Results (19 votes). Check out past polls.

    Notices?