tcranfield — Fri, 22 Sep 2000 13:42:00 +0000

I try to do things client-side where I can - better for site performance especially if you can eliminate an SSI on every page! The idea was that the CGI validates the user and sets javascript cookies including a unique session ID cookie which could not be pre-guessed. Then any subsequent static page could pick up the user info with javascript and any subsequent CGI could check the session ID against it's list of current active ones before doing anything important.

Any ideas where I can find code to do user logins so that any page on the site can pick that up? Like this site ... but without using PHP.

Thanks
Tim

Mark Hensler — Thu, 21 Sep 2000 07:01:14 +0000

one more question...

why are you using javascript cookies for user validation?
Can't that can be hacked fairly easy?

IMO, you should use some server side validation... such as using SSI at the very top of every page to exec a CGI. Then you can check the user. If ok, return to page, if not, redirect to error 401 page [un-authorized].

tcranfield — Wed, 20 Sep 2000 16:58:22 +0000

Hi Vincent / anyone else,

Sorry if I'm not making myself clear. The perl script I listed was just a test to prove that the concept works (which it doesn't!).

The static test page (1.html) works. But when the CGI simply copies that same page to the output (so the browser gets the same thing), it doesn't work (the cookie doesn't get set).

A browser sets a cookie when told to do so by some javascript inside HTML. The browser should not care where the HTML/javascript came from - but it seems that if it came from a static page, then it will set the cookie - if it was exactly the same but came from a CGI generating the same page - then it won't.

As far as I understand, perl cookies are different from javascript cookies - so I don't think that will help!

Again thanks for any answers or help you can give me - much appreciated!

Tim

Vincent Puglia — Wed, 20 Sep 2000 12:53:39 +0000

Hi tcranfield,

Again, I'm no perl expert, but logic says your design is at fault.
The cookie is set by the browser when 1.html is accessed, not by the page itself. Your perl script is simply writing the contents of the html page. If you want your perl script to write out session vars, you need to have it do so. What it is presently doing is a simple file copy.

Vinny

tcranfield — Wed, 20 Sep 2000 11:31:21 +0000

Hi guys,
I'll try to simplify it. In a nutshell, the problem is as follows:

- Browser receives a static HTML page containing javascript which sets a javascript cookie. Cookie gets set fine and this can be seen by checking it even in other browser windows.

- Browser receives exactly the same HTML (containing javascript) as before, but this time it's a CGI program which is generating it. Now the cookie does not get set.

Why???

To put it in context, I am doing a login procedure. User logs in, CGI program checks the username/password, if ok then it returns a page which sets certain user/session cookies - so that any subsequent pages can pick this up with javascript.

fairhousing — Wed, 20 Sep 2000 04:00:30 +0000

im confused and know some perl, but i don't understand ur question.

Mark Hensler — Tue, 19 Sep 2000 23:44:53 +0000

what is the purpose of this script? There may be a better way of doing this. [perhaps using perl cookies]

Vincent Puglia — Tue, 19 Sep 2000 22:11:36 +0000

Hi tcranfield,

My perl is not up to par and you might get a better response in the CGI forum. However, my guess is the perl script is simply copying the page's contents and not executing it in any manner. If I remember right, there is a http://www.allaboutcookies.com (or somesuch); they probably have a perl script you can study.

Vinny