CGI generating javascript cookie code
Hi, I am trying to develop something with javascript cookies and CGIs. I have a page (1.html) which contains javascript (document.cookie etc) to set a cookie, then display it. Another page (2.html) checks the value of the cookie and displays it only. After 1.html is viewed then 2.html shows it set. I can delete the same cookie with a 3rd page. So far so good.
Now I need a CGI to be able to generate an HTML/javascript page which sets/deletes cookies in the same way. As a test, my perl script simply outputs an HTTP header and then the contents of 1.html. The cookie seems to be set for the current page but viewing 2.html does not show it set. The perl script (test.pl):
#!/usr/local/bin/perl
print "Content-type: text/html\n\n";
open(IN,"/sites/testsite/1.html");
while () { print; }
close(IN);
Can anyone explain why viewing 1.html sets the cookie for other windows, but viewing cgi-bin/test.pl doesn't? When I check View Source for both 'pages' they are identical. Same result in both IE4 and NS4.
Thanks for any help.
Vincent Puglia posted this at 22:11 — 19th September 2000.
They have: 634 posts
Joined: Dec 1999
Hi tcranfield,
My perl is not up to par and you might get a better response in the CGI forum. However, my guess is the perl script is simply copying the page's contents and not executing it in any manner. If I remember right, there is a http://www.allaboutcookies.com (or somesuch); they probably have a perl script you can study.
Vinny
Where the world once stood
the blades of grass cut me still
Mark Hensler posted this at 23:44 — 19th September 2000.
He has: 4,048 posts
Joined: Aug 2000
what is the purpose of this script? There may be a better way of doing this. [perhaps using perl cookies]
fairhousing posted this at 04:00 — 20th September 2000.
They have: 1,587 posts
Joined: Mar 1999
im confused and know some perl, but i don't understand ur question.
tcranfield posted this at 11:31 — 20th September 2000.
They have: 9 posts
Joined: Mar 2000
Hi guys,
I'll try to simplify it. In a nutshell, the problem is as follows:
- Browser receives a static HTML page containing javascript which sets a javascript cookie. Cookie gets set fine and this can be seen by checking it even in other browser windows.
- Browser receives exactly the same HTML (containing javascript) as before, but this time it's a CGI program which is generating it. Now the cookie does not get set.
Why???
To put it in context, I am doing a login procedure. User logs in, CGI program checks the username/password, if ok then it returns a page which sets certain user/session cookies - so that any subsequent pages can pick this up with javascript.
Vincent Puglia posted this at 12:53 — 20th September 2000.
They have: 634 posts
Joined: Dec 1999
Hi tcranfield,
Again, I'm no perl expert, but logic says your design is at fault.
The cookie is set by the browser when 1.html is accessed, not by the page itself. Your perl script is simply writing the contents of the html page. If you want your perl script to write out session vars, you need to have it do so. What it is presently doing is a simple file copy.
Vinny
Where the world once stood
the blades of grass cut me still
tcranfield posted this at 16:58 — 20th September 2000.
They have: 9 posts
Joined: Mar 2000
Hi Vincent / anyone else,
Sorry if I'm not making myself clear. The perl script I listed was just a test to prove that the concept works (which it doesn't!).
The static test page (1.html) works. But when the CGI simply copies that same page to the output (so the browser gets the same thing), it doesn't work (the cookie doesn't get set).
A browser sets a cookie when told to do so by some javascript inside HTML. The browser should not care where the HTML/javascript came from - but it seems that if it came from a static page, then it will set the cookie - if it was exactly the same but came from a CGI generating the same page - then it won't.
As far as I understand, perl cookies are different from javascript cookies - so I don't think that will help!
Again thanks for any answers or help you can give me - much appreciated!
Tim
Mark Hensler posted this at 07:01 — 21st September 2000.
He has: 4,048 posts
Joined: Aug 2000
one more question...
why are you using javascript cookies for user validation?
Can't that can be hacked fairly easy?
IMO, you should use some server side validation... such as using SSI at the very top of every page to exec a CGI. Then you can check the user. If ok, return to page, if not, redirect to error 401 page [un-authorized].
Mark Hensler
If there is no answer on Google, then there is no question.
tcranfield posted this at 13:42 — 22nd September 2000.
They have: 9 posts
Joined: Mar 2000
I try to do things client-side where I can - better for site performance especially if you can eliminate an SSI on every page! The idea was that the CGI validates the user and sets javascript cookies including a unique session ID cookie which could not be pre-guessed. Then any subsequent static page could pick up the user info with javascript and any subsequent CGI could check the session ID against it's list of current active ones before doing anything important.
Any ideas where I can find code to do user logins so that any page on the site can pick that up? Like this site ... but without using PHP.
Thanks
Tim
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.