submersible_toaster has asked for the wisdom of the Perl Monks concerning the following question:

Fellow monks,

I am hoping someone can point out the error(s) of my way here. I am using an html form to POST two values 'user' and 'pass' to a validation script, which sets a cookie called 'id' (if the user is valid) and returns a link to the main cgi that requires the cookie

Security pundits - I know this is frightfully insecure to send 'pass' in this manner , I believe it's as bad as an ftp site without strong auth, or telnet. I have read Ovid's offsite cgi tutorials (recommended). For the moment I am trying to get cookies to work at ALL, before trying to secure them.

so the validator looks like

#!/usr/bin/perl -wT use strict; use CGI; my $q= CGI->new(); my $name = $q->param('name'); my $password = $q->param('password'); while ( my($u , $p ,,) = getpwent ) { if ($name eq $u) { my $salt = substr($p,0,2); my $check = crypt ($password, $salt); if ($check) { # yes yes, it's always true - FOR NOW! &success; } else { &fail }; } } &fail; exit(0); sub fail { print $q->header('text/html'), $q->start_html(-title=>'Unsuccessful Login'), $q->a({href=>'http://proxy/testform.html'} ,'Return to Login P +age'), $q->end_html; exit(0); } sub success { my $cookie = $q->cookie(-name=>'id', -value=>$name , -expires=>'-1h'); print $q->header(-type=>'text/html', -cookie=>$cookie), $q->start_html(-title=>"Welcome $name"), $q->a({href=>'http://proxy/cgi-bin/view/'}, 'P +roceed to Viewing Area'), $q->end_html; exit(0); }

I am certain that this is setting a cookie, IE warns me and I accept the cookie. But when runs

#!/usr/bin/perl -wT use strict; use CGI; use Data::Dumper; my $q= CGI->new; my $cookie = $q->cookie('id'); #This keeps returning undef

Apache documentation is pretty sparse , and indicates that cookie problems are generally script or client based, the system I am running on is RH7.3, perl 5.6.1 , apache 1.3.26

$row x 3 , $boat->your;

Replies are listed 'Best First'.
Re:, cannot retrieve cookie.
by Cody Pendant (Prior) on Nov 29, 2002 at 03:58 UTC
    my $cookie = $q->cookie(-name=>'id', -value=>$name , -expires=>'-1h');

    Am I dreaming, or is your cookie set to expire one hour in the past?
    ($_='jjjuuusssttt annootthheer pppeeerrrlll haaaccckkeer')=~y/a-z//s;print;
•Re:, cannot retrieve cookie.
by merlyn (Sage) on Nov 29, 2002 at 09:27 UTC
Re:, cannot retrieve cookie.
by submersible_toaster (Chaplain) on Nov 29, 2002 at 06:40 UTC


    It surely was, I have ammended that and what a surprise , my cookies get passed around.

    ++Cody Pendant