Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

if i created a form that accepts user info from a previous page, and i pass that info via cookies because there is no user input on the prev page (hence no param method), how do i get rid of and/or override the previous cookie info?

i'm new to programming with cookies and i'm not sure how to go about it.

or should i even be using cookies? maybe a better/easier way??

thanks all

Replies are listed 'Best First'.
Re: html and cookie expiration
by Skeeve (Parson) on May 05, 2003 at 07:53 UTC
    So you had a form on the first page. When the user entered some data she gets a second page without a form and you want to passthe data on to a third form? Your problem is that there is no form on the second page so that you thought of usingcookies to keep the data, right? You could avoid cookies if you use a hidden form on your second page with just a submit button visible. All the data the user entered would go into a collection of
    <input type="hidden" name="name" value="usersvalue">
    tags. But that's not a perlish answer ;-)
Re: html and cookie expiration
by bart (Canon) on May 05, 2003 at 13:17 UTC
    Completely off-topic, but it could be handy to have a small checklist on cookies. After all, this is what you explicitely asked for:
    • To change the value for a cookie, send out a cookie with the same name and path, and with the new value
    • You can pass it an expiration date, at what time the browser will forget about the cookie. If you don't, the cookie will expire as soon as the browser is closed.
    • To delete a cookie, send out a cookie with the same name and path, with any value you like, and with the expiration date somewhere in the past.
    If you find you can't get rid of a cookie, it's likely that that cookie got set with a different path. There's no way on the server side, to figure out what path a cookie was set valid for. In fact, if you set a cookie with the same name for a different path, you'll end up with two cookies of the same name. It could be you only see the last cookie sent, depending on what cookie library you use. I don't think there are any rules on what order the browser will send them to the server, so I would never rely on it.
Re: html and cookie expiration
by tjh (Curate) on May 05, 2003 at 13:03 UTC
    If I understand correctly, you're thinking of storing actual user-entered data in a cookie that gets recalled, possibly altered and stored again, or used.

    Security and data integrity problems aside (and they're numerous, both in data storage in cookies, and in hidden form fields), I'd recommend:

    • Use the cookie as a session ID only.
    • Somehow, store previous pages of data server-side
    • Make sure the data is somehow associated with the session ID

    This way, you can retrieve and add to or alter the data on the server, rather than the browser, and you don't have to worry about cookies expiring, cookie length restrictions, and the like.

    An excellent article about just such as arrangement, by our very own merlyn, is Here. Also, a Super Search about sessions and state will show many other discussions, and some snippets, that are helpful.