[Pdx-pm] saving state with CGI.pm

Ovid poec at yahoo.com
Thu Nov 6 12:21:47 CST 2003

--- Austin Schutz <tex at off.org> wrote:
> 	One way to do it is to use cookies. Benefits are that you don't
> have to save any state yourself and the user can go back to any part of the
> form at any point in the future and still access their data. You can set
> cookies at any part of your website and have them readable everywhere, sort
> of like global variables.

Er, sorry, but I have to say that this is a terrible idea.

    (my credit card number and pin was stored in a cookie)
    (Friendster stored password in cookie)
    (Microsoft abuses cookies and a young lady may have gotten in trouble 
     because a cookie revealed the location of her online journal)

You can read about those horror stories of storing user data in the cookies.  One response might
be "store everything *but* sensitive data in the cookie", but at that point, it means you already
have a server-side mechanism for maintaining state and you no longer need to rely on the cookie.


Silence is Evil            http://users.easystreet.com/ovid/philosophy/indexdecency.htm
Ovid                       http://www.perlmonks.org/index.pl?node_id=17000
Web Programming with Perl  http://users.easystreet.com/ovid/cgi_course/

Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard

More information about the Pdx-pm-list mailing list