[Pdx-pm] saving state with CGI.pm
Ovid
poec at yahoo.com
Thu Nov 6 12:21:47 CST 2003
--- Austin Schutz <tex at off.org> wrote:
> One way to do it is to use cookies. Benefits are that you don't
> have to save any state yourself and the user can go back to any part of the
> form at any point in the future and still access their data. You can set
> cookies at any part of your website and have them readable everywhere, sort
> of like global variables.
Er, sorry, but I have to say that this is a terrible idea.
http://use.perl.org/~Ovid/journal/15165
(my credit card number and PIN were stored in a cookie)
http://use.perl.org/~Ovid/journal/13542
(Friendster stored password in cookie)
http://use.perl.org/~Ovid/journal/13471
(Microsoft abuses cookies and a young lady may have gotten in trouble
because a cookie revealed the location of her online journal)
You can read about those horror stories of storing user data in the cookies. One response might
be "store everything *but* sensitive data in the cookie", but at that point, it means you already
have a server-side mechanism for maintaining state and you no longer need to rely on the cookie.
Cheers,
Ovid
=====
Silence is Evil http://users.easystreet.com/ovid/philosophy/indexdecency.htm
Ovid http://www.perlmonks.org/index.pl?node_id=17000
Web Programming with Perl http://users.easystreet.com/ovid/cgi_course/
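
An added example, not part of Ovid's message or of the thread: one way to keep form state on the server with CGI.pm and the core Storable module, so that the cookie holds only a random session ID. The session directory, the cookie name "sid" and the form field "shipping_city" are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Storable qw(lock_store lock_retrieve);

# Hypothetical location: outside the web root, readable only by the CGI user.
my $SESSION_DIR = '/var/lib/myapp/sessions';

# 128 bits from the kernel CSPRNG, hex-encoded. This is the only value
# the browser ever stores.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Accept only IDs in the exact format we issue, so a forged cookie value
# can never be turned into a path outside $SESSION_DIR.
sub load_session {
    my ($sid) = @_;
    return unless defined $sid && $sid =~ /\A([0-9a-f]{32})\z/;
    my $id   = $1;
    my $file = "$SESSION_DIR/$id";
    return unless -f $file;          # unknown ID: treat as no session
    return ($id, lock_retrieve($file));
}

my $q = CGI->new;
my ($sid, $state) = load_session(scalar $q->cookie('sid'));
($sid, $state) = (new_session_id(), {}) unless $sid;

# Form data is saved on the server, keyed by the session ID.
my $city = $q->param('shipping_city');
$state->{shipping_city} = $city if defined $city;
lock_store($state, "$SESSION_DIR/$sid");

# The cookie carries the opaque ID and nothing else.
my $cookie = $q->cookie(
    -name   => 'sid', -value    => $sid, -path => '/',
    -secure => 1,     -httponly => 1,
);
print $q->header(-type => 'text/plain', -charset => 'utf-8', -cookie => $cookie);
print "Saved fields: ", join(', ', sort keys %$state), "\n";
```

Session files written this way never expire on their own, so a real deployment also needs a cleanup job and a fresh ID after login.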