Your script will be multiply concurrent, will it not? That is, several users
may be executing the same [instance of the] script. How are you going to
tell them apart?

I know CGI.pm retains values from a previous invocation, but have never
understood how to differentiate between the separate users of the script. I
look with interest to the more learned answers to your query.

- Roger -

----- Original Message -----
From: "Ryan Davis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 10:00 AM
Subject: Cookies and Security

Hey all,

I have a password protected area, and after the user puts in their password,
I store it in a cookie, and the CGI reads that cookie every time to
determine if the user is logged in or not. I figured this was safer than
passing a 'loggedin' param as a hidden field, but I'm not sure if there is
an industry standard way to do this. My code is too long (300+ lines, and
messy), so here's the outline/pseudocode:

#try to snag the cookie
$pw = get_cookie();
#if the user is logging in for the first time, write the cookie
if($cgi->param("password")){
    $pw = $cgi->param("password");
    write_cookie($pw);
}
#set a boolean if the password is correct
$loggedIn = isCorrect($pw);
unless($loggedIn){
    prompt_for_password();
}elsif(
...rest of program

Is this secure? Is there a better way to do this?
Thanks,
Ryan
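
An added example, not code from either poster: one alternative to keeping the password in the cookie is to issue a signed, expiring token that names the user, which also answers how concurrent users are told apart. The names make_token, check_token, same_string, $SECRET and $MAX_AGE are hypothetical, and the key shown is a constructed placeholder.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a long random server-side key, loaded from a file the web
# server can read but that is never sent to the browser. Constructed value.
my $SECRET  = 'constructed-demo-key-replace-with-random-bytes';
my $MAX_AGE = 30 * 60;    # seconds a login stays valid

# Build the cookie value after isCorrect($pw) succeeded: user|issued|mac.
# The password itself never goes into the cookie.
sub make_token {
    my ($user, $now) = @_;
    die "bad user name\n" unless $user =~ /\A[A-Za-z0-9_.-]{1,32}\z/;
    my $body = "$user|$now";
    return "$body|" . hmac_sha256_hex($body, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the user name for a valid, unexpired token, or undef otherwise.
sub check_token {
    my ($token, $now) = @_;
    return undef unless defined $token;
    my ($user, $issued, $mac) = $token =~ /\A([A-Za-z0-9_.-]{1,32})\|([0-9]{1,12})\|([0-9a-f]{64})\z/
        or return undef;
    return undef unless same_string($mac, hmac_sha256_hex("$user|$issued", $SECRET));
    return undef if $issued > $now || $now - $issued > $MAX_AGE;
    return $user;
}

# Constructed demonstration: two users, one tampered cookie, one expired.
my $t0    = 1_000_000_000;
my $alice = make_token('alice', $t0);
my $bob   = make_token('bob',   $t0);
(my $forged = $alice) =~ s/^alice/admin/;
printf "%-8s => %s\n", @$_ for
    [ alice   => check_token($alice,  $t0 + 60)   // 'rejected' ],
    [ bob     => check_token($bob,    $t0 + 60)   // 'rejected' ],
    [ forged  => check_token($forged, $t0 + 60)   // 'rejected' ],
    [ expired => check_token($alice,  $t0 + 3600) // 'rejected' ];
```

The token can be sent with CGI.pm's `$cgi->cookie(-name => 'session', -value => $token, -secure => 1, -httponly => 1)`, where the cookie name is an assumption. A stateless token like this cannot be revoked before it expires unless the server also keeps a record of logged-out tokens.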