Guys, based on this question I asked earlier on setting up cookies in Perl, I successfully got an answer and a way to do this, but am now faced with a new interesting challenge.

In Perl CGI scripts, it demands you set up a cookie on the header statement, which ought to be the first statement in your script. To clarify, you need to have a CGI->header() statement at the top of your script for the CGI script to work!

My scenario:

I have a login screen with a user name and password. Upon successful login I need to set up a cookie with the current user name, then redirect the user to another form that checks if the cookie is set before allowing any transactions.

Please note if I set the cookie after the CGI->header() statement, it never gets set, and if I set it at the top of my script, it has a bogus value for obvious reasons (user has not logged in).

How do I achieve this? Does the CGI->header() statement need to be at the top of my script always?

Gath

+5  A: 

Your assertion is wrong: print CGI->header can appear anywhere in your script. However, headers must be output once and only once and before any other output is emitted.

For your purposes, I would recommend using CGI::Application along with CGI::Session (via CGI::Application::Plugin::Session).

Sinan Ünür

+6  A: 

You're gonna end up writing yourself some code that can be hijacked if you keep heading in that direction, given your current level of knowledge ("just enough to be dangerous").

I'd suggest reading my article on how to "brand" a browser using cookies. It's an oldie-but-a-goodie.

For the impatient, the trick is to use a cookie only to distinguish one browser from another, and keep everything important as server-side state.

Randal Schwartz
Sorry, I didn't mention, this is not a public web app, but a small utility that helps me talk to and administer my old SCO box. Tight security is not a priority at the moment.
gath
And that is always how it starts. :) Seriously, dark alleyway ahead. Slit throat inevitable. If not you, the guy who takes over after you who doesn't understand the shortcuts you took.
Randal Schwartz
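
The two answers combined in one CGI script, as an added example that is not code from either answerer: the header is emitted exactly once per request, after the login decision, and the cookie holds only a random ID while the user name stays in server-side state. The session directory, the cookie name `sid`, the demo account table and the availability of `/dev/urandom` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Storable qw(store retrieve);

my $SESSION_DIR = '/var/tmp/demo_sessions';   # assumption: existing private dir, mode 0700
my %DEMO_USERS  = (gath => 'constructed-demo-password');  # constructed stand-in for the real login check

# 128-bit random browser "brand"; it carries no user data by itself.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Return the server-side record for a cookie value, or undef if it is unknown.
sub load_session {
    my ($id) = @_;
    return unless defined $id && $id =~ /\A[0-9a-f]{32}\z/;  # never build a path from raw input
    my $file = "$SESSION_DIR/$id";
    return -f $file ? retrieve($file) : undef;
}

my $q    = CGI->new;
my $user = $q->param('user');    # scalar context: one value per field
my $pass = $q->param('pass');

if (($q->request_method || '') eq 'POST' && defined $user && defined $pass) {
    if (exists $DEMO_USERS{$user} && $DEMO_USERS{$user} eq $pass) {
        my $id = new_session_id();
        store({ user => $user, created => time }, "$SESSION_DIR/$id");
        # Add -secure => 1 when the script is served over HTTPS.
        my $cookie = $q->cookie(-name => 'sid', -value => $id, -httponly => 1);
        # The only header output on this path: redirect and Set-Cookie together.
        print $q->redirect(-uri => $q->url, -cookie => $cookie);
    } else {
        print $q->header(-status => '403 Forbidden', -type => 'text/plain'), "Login failed\n";
    }
    exit;
}

# Every later request: trust only what the server stored under the ID.
my $session = load_session(scalar $q->cookie('sid'));
if ($session) {
    print $q->header(-type => 'text/plain'), "Logged in as $session->{user}\n";
} else {
    print $q->header(-status => '403 Forbidden', -type => 'text/plain'), "Please log in\n";
}
```

Because the user name is read from the session file rather than from the cookie, editing the cookie in the browser cannot change who the script thinks is logged in; it can only produce an ID the server does not recognise.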