http://www.perlmonks.org?node_id=263167

kutsu has asked for the wisdom of the Perl Monks concerning the following question:

I am currently working on a cgi-script, which takes a username and password, checks to see if it is right, encripts it (not in this because I'm unsure of what encription I can use), and send the encripted username + sessionid to a cookie

I've checked everything, and only the cookie isn't working. Before someone asks I check for the cookie using 4 methods: in IE and Mozilla turned on prompting and wasn't, in IE searched entire computer for *.txt, in Mozilla looked at cookie organizer, and sent cookie to screen, it showed up just fine. So any ideas on why the cookie dosen't work, and other input on general coding, would be appricated.

#!/usr/bin/perl -wT use strict; use CGI; use CGI::Cookie; my $query = new CGI; my $good_user = ""; my $good_pass = ""; my $real_user = ""; my $real_pass = ""; my $itis = ""; use vars qw($incuser $incpass); &url if $query ->request_method() eq "GET"; my $pword_file = "/location/of/file/.password"; #will use database later but for now keep file my $userid_entd = $query->param('incuser'); my $pword_entd = $query->param('incpass'); $userid_entd =~ tr/A-Z/a-z/; $pword_entd =~tr/A-Z/a-z/; &url if $userid_entd =~ /[^0-9a-z]/; &url if $userid_entd eq ""; $good_user = $userid_entd; &url if $pword_entd =~ /[^0-9a-z]/; &url if $pword_entd eq ""; $good_pass = $pword_entd;
open (USERFILE, $pword_file) || die "File cannot open"; while (<USERFILE>) { chomp; ($real_user, $real_pass) = split /\|/; if ($real_user eq $good_user && $real_pass eq $good_pass) { my $stime = time; my $c = $query->cookie( -name => 'ID', -value => "${stime}${good_user}99", -expires => '+1h', -domain => '.domain.com', -path => '/some/path', ); print $query->header( -cookie => $c); # print "Set-Cookie: $c\n"; #this was tried, also didn't work $itis="good"; &url; } } close (USERFILE); &url; #&url prints a header and checks to see if $itis eq "good" #print one message if it is another if it isn't

"Pain is weakness leaving the body, I find myself in pain everyday" -me

Replies are listed 'Best First'.
Re: Problem setting cookie using CGI::Cookie
by chromatic (Archbishop) on Jun 04, 2003 at 23:35 UTC
    &url prints a header

    You only get to print the header once per invocation. You have to stick the cookie in there before you print it. I'm not having much luck making sense out of your variable names or comparisons, so I can't say for sure that this is your problem, but checking the request method sure looks like it'll print the header too eary to set a cookie.

    By the way, calling a sub with the &url syntax is not only ugly, it does things implicitly that you may not want. See perlsub for more. I much prefer url() and recommend that you consider it.

      Oops...I said that wrong, the &url is used to load my css. Also, I prefer url() as well, I just used & because I wasn't originally planning on using cookies (so &url was Location: ...), until I found out the boss doesn't want to use .htaccess.

      Update:Took out CGI::Cookie, forgot why I had it there in the first place, and my path is correct (I just don't want to post it because of security)

      Thanks for pointing that out though, I went ahead and changed that, didn't help my problem though.

      "Pain is weakness leaving the body, I find myself in pain everyday" -me

Re: Problem setting cookie using CGI::Cookie
by cfreak (Chaplain) on Jun 05, 2003 at 13:34 UTC

    In addition to the great suggestions here, I also suggest that you put $ENV{HTTP_HOST} in the 'domain' field, or specify the whole domain. I know the .domain.com notation is in the docs but I've never been able to get it to work properly.

    Lobster Aliens Are attacking the world!

      Thank you cfreak, that did it. Odd that isn't shown in the docs.

      Thanks to everyone else who helped too.

      "Pain is weakness leaving the body, I find myself in pain everyday" -me

Re: Problem setting cookie using CGI::Cookie
by Anonymous Monk on Jun 04, 2003 at 23:41 UTC
    In addition, do you make explicit use of CGI::Cookie in the rest of your script somewhere? In looking at the documentation for both CGI::Cookie.pm and CGI.pm, the former is used with a new CGI::Cookie() and the latter is as you've instantiated your cookie in your script. Not that this has anything to do with your problem, but if it doesn't need to be there, take it out. Also make sure your -path attribute in the cookie is correct, since
    "For example, if you specify the path "/cgi-bin", then the cookie will be returned to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl", and "/cgi-bin/customer_service/complain.pl", but not to the script "/cgi-private/site_admin.pl".
    (from CGI.pm docs)
Re: Problem setting cookie using CGI::Cookie
by TexasTess (Beadle) on Jun 05, 2003 at 08:20 UTC
    I've been down this road before, see my post COOKIE HELL or something like that...anyway what was suggested in the first reply is almost certainly your problem.

    Ya gotta set the cookie before any header goes out, it's got to be the first thing you do else you'll never get it to set. When I was working on getting mine to set, I would invoke a new script just so I was certain there would be no header set when I stuck it in.

    TexasTess
    "Great Spirits Often Encounter Violent Opposition From Mediocre Minds" --Albert Einstein

      All &url does is print

      <!DOCTYPE html PUBLIC "..."> <html> ... <link rel="stylesheet" type="text/css" href="/sheet.css" media="screen +">
      Will this cause a problem.

      Sorry about not saying this sooner, but I couldn't get to the PC this was on until this morning

      "Pain is weakness leaving the body, I find myself in pain everyday" -me

        Yes, that will cause a problem if you print it before the header. The header must come first. The cookie must be in the header. If you print anything else first and the web browser accepts the cookie, it's broken.

        Your web server may add headers automatically if you don't print the headers first, but your cookie won't be set if that happens. You get one chance to print the HTTP header and the cookie must be in that header.

        I'm being very explicit here because this trips up a lot of people.

        As far as the domain issue, you may need to add a trailing period. I seem to recall that CGI::Cookie checks to see if the domain name contains two periods. Does it work better with example.com.?