Setting Cookies in Perl (RFC 6265)

Setting cookies in Perl can be a pain these days, especially given the lack of clarity about what to do and what not to do. Here is a simple yet compliant way of setting cookies as per RFC 6265.

This article does not use CGI::Cookie. The module predates RFC 6265 and was written against the older RFC 2965 cookie model, which RFC 6265 made obsolete. (Current releases of the module do support modern attributes such as HttpOnly, but writing the header yourself keeps you in control of exactly what the browser receives.) The RFC itself is here: http://tools.ietf.org/search/rfc6265

Basically, the RFC lays out how browsers such as Firefox, Internet Explorer and Chrome should treat cookies: how to parse them, how to store and return them, and what their attributes mean.

This is the code we will be using today:


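As an added example that is not the original listing, here is a script that matches the explanation below line for line (the variable name $AAA, the cookie value 4343, the domain yourwebsite.com and the body text "anything" are the ones the walkthrough uses):

```perl
#!/usr/bin/perl -Tw
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);   # debugging only; remove before going live

my $AAA = "Set-Cookie: SID=4343; Path=/; Secure; HttpOnly; "
        . "Domain=yourwebsite.com; Max-Age=3600\r\n";
print $AAA;                           # a header: must be printed before the blank line
# Begin output
print "Content-type: text/html\r\n\r\n";   # the blank line ends the response headers

print "anything";
```

Header lines end with CRLF ("\r\n"); the Content-type line is followed by a second CRLF, which is the blank line that separates headers from the body.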
Explanation: 

Line 1: #!/usr/bin/perl -Tw tells the system where the perl interpreter is located. -T turns on taint mode (a security feature: data that came from outside the script cannot be passed to the shell, the filesystem or similar without first being checked), and -w turns on warnings.

Line 2: use strict forces you to declare every variable and catches many typos at compile time. It is not a security feature as such, but it is strongly recommended.

Line 3: use CGI loads the CGI module, which your script needs to talk to the Common Gateway Interface (request parameters, environment and so on).

Line 4: use CGI::Carp qw(fatalsToBrowser); is useful while debugging, because fatal errors are shown in the browser. Remove it once your script is final and you expect nothing to be broken: the error messages reveal file paths and internals to anyone who can provoke an error, so taking it out before going live is strongly recommended.

Lines 6-7: my $AAA declares a scalar variable (try changing AAA to anything you like, but don't forget the $ in front of it). Think of it as a box that can hold a value. Under use strict, every variable must be declared with my before it is used.

Anything after the = sign is the value assigned to it; here it is a string holding one HTTP header line.

Set-Cookie is the HTTP response header that tells the browser to create a cookie. On its own it does not yet say what the cookie contains or how it should be handled; that is what the rest of the line does.

SID is the name of the cookie and 4343 is its value; both can be anything you choose, within the characters the RFC allows (no spaces, semicolons, commas, double quotes or backslashes in the value). If you want the value to come from a variable, add this line before line 6 (and you will usually want to):

my $stringname = 12345;  (you can change stringname and its value 12345 to whatever you like)

and then change the start of the header string to interpolate the variable (Perl substitutes variables inside double-quoted strings):
"Set-Cookie: SID=$stringname; ..."

What happens is that the value of $stringname is substituted into the string, so the browser receives SID=12345.

Path=/; defines the URL paths for which the browser will send the cookie back. / means the whole site, which is what you want for a session cookie. Write it without quotes: Path='/' would be a literal path that never matches. It is also not a default: if you omit Path, the browser derives one from the URL of the page that set the cookie, which is usually narrower than you want.

Secure; tells the browser to send the cookie only over HTTPS, which means you need a TLS (SSL) certificate installed. This is a very important feature for the safety of your website: sooner or later, if your site handles any sensitive information or money, you need a certificate. A Secure cookie set by a page served over plain HTTP is of no use, since the browser would never send it back over HTTP. So if you don't have a certificate yet, then:

either you can buy a certificate from a certificate authority such as GoDaddy (free certificates are also available from Let's Encrypt),

or, for the time being, leave Secure out altogether. Then your line would be:
 "Set-Cookie: SID=4343; Path=/; HttpOnly; Domain=yourwebsite.com; Max-Age=3600\r\n";

Next up is the HttpOnly; attribute of your cookie. It is a security measure: the cookie is not accessible from JavaScript (document.cookie), so a script injected into your page cannot read the session ID. Attribute names are case-insensitive, so Httponly works too, but HttpOnly is the conventional spelling.

Domain=yourwebsite.com together with Path (discussed above) says where the cookie is valid. Setting Domain makes the browser send the cookie to yourwebsite.com and to every subdomain of it. If you leave Domain out, the browser sends the cookie only to the exact host that set it, which is the tighter choice for a session cookie.

lang=en-US is not a cookie attribute and has been dropped from the line above. In RFC 6265 it appears as the name and value of an example cookie (lang is the cookie's name, en-US its value). Inside the attribute list of the SID cookie a browser does not recognise it and silently ignores it, so it does nothing.

Max-Age=3600; says, in seconds, how long the cookie should stay alive before the browser deletes it. Setting it is good security practice: a cookie with neither Max-Age nor Expires lives until the browser is closed. 3600 seconds = 1 hour, so if you want your cookie to stay alive for 30 minutes, Max-Age=1800; is your code. Two caveats: Internet Explorer 8 and earlier ignore Max-Age, so if you must support them add an Expires attribute with an HTTP date as well; and expiry is enforced by the browser only, so the server must also stop accepting the session ID after the same time.

But wait: so far we have not actually sent the cookie to the browser.

Line 8: print $AAA; writes the string to standard output, which the web server forwards to the browser as a response header. It must be printed before the blank line that ends the headers (line 10), and the string must end with a newline ("\r\n"), otherwise the next header would be glued onto it.

Line 9: # Begin output is just a comment. Comments in Perl start with a hash. Try changing it to #blablabla: it won't do anything, since it is a comment. Comments are written to help you remember what a piece of code does.

Line 10: this line is very important and you need it in every page. It prints the Content-type header followed by a blank line. The blank line ends the response headers, so everything printed after it is the page body that the browser displays.

Line 12: this line is the only thing visible to the person using your site.

So when you run this file (a .pl file, for example Nameofyourfile.pl) through the web server, you will only see the word anything on your screen. The cookie arrives invisibly in the response headers; you can check it in your browser's developer tools.

Remember that your file needs to be executable by the web server; permissions of 700 or 705 (or the more common 755) are what it usually takes. But that is beyond the scope of this article.
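As a further worked example, added here and not part of the article, the same cookie built by a small function that checks each part against the RFC 6265 grammar before it is sent, uses a random session ID instead of the fixed 4343, and only adds Secure when the request really arrived over HTTPS. The function names set_cookie_header and new_session_id are my own; $ENV{HTTPS} is the variable Apache's mod_ssl sets to "on" for TLS requests.

```perl
#!/usr/bin/perl -Tw
use strict;
use warnings;

# Build one RFC 6265 Set-Cookie header line from a name, a value and attributes.
# Dies on anything the grammar does not allow, so a bad value can never smuggle
# a ";" or a newline into the response headers.
sub set_cookie_header {
    my ($name, $value, %attr) = @_;

    # name: an HTTP token; value: cookie-octets only (no CTLs, whitespace,
    # double quote, comma, semicolon or backslash), as in RFC 6265 section 4.1.1
    die "bad cookie name\n"  unless $name  =~ /\A[!#\$%&'*+\-.^_`|~0-9A-Za-z]+\z/;
    die "bad cookie value\n" unless $value =~ /\A[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*\z/;

    my @parts = ("$name=$value");
    if (defined $attr{path}) {               # any CHAR except CTLs and ";"
        die "bad Path\n" if $attr{path} =~ /[;\x00-\x1F\x7F]/;
        push @parts, "Path=$attr{path}";
    }
    if (defined $attr{domain}) {             # plain host name only
        die "bad Domain\n" unless $attr{domain} =~ /\A[A-Za-z0-9.-]+\z/;
        push @parts, "Domain=$attr{domain}";
    }
    if (defined $attr{max_age}) {            # integer seconds; 0 or negative expires the cookie now
        die "bad Max-Age\n" unless $attr{max_age} =~ /\A-?\d+\z/;
        push @parts, "Max-Age=$attr{max_age}";
    }
    push @parts, 'Secure'   if $attr{secure};
    push @parts, 'HttpOnly' if $attr{httponly};

    # Header lines end with CRLF; the caller prints the blank line that ends the headers.
    return 'Set-Cookie: ' . join('; ', @parts) . "\r\n";
}

# Random session ID (hypothetical helper): 128 bits from the OS, hex encoded so
# the result is a valid cookie-octet string.
sub new_session_id {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!\n";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom\n";
    close $fh;
    return unpack('H*', $bytes);
}

# Mark the cookie Secure only when the request actually came over TLS; a Secure
# cookie set over plain HTTP would never be sent back to this site.
my $over_tls = (defined $ENV{HTTPS} && $ENV{HTTPS} eq 'on') ? 1 : 0;

my $sid = new_session_id();
print set_cookie_header('SID', $sid,
    path     => '/',
    max_age  => 1800,          # 30 minutes; the server must expire the session too
    secure   => $over_tls,
    httponly => 1,
);
# No Domain attribute: the cookie goes back only to the host that set it.
# Adding domain => 'yourwebsite.com' would also send it to every subdomain.

print "Content-type: text/html\r\n\r\n";
print "session started\n";
```

Run it under the web server, or from a shell as perl -T script.pl: the -T on the shebang line must also be given on the command line when you invoke perl directly, or perl stops with "Too late for -T". Passing a value such as "a;b" or one containing a newline to set_cookie_header makes the script die instead of emitting a malformed or injected header.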

This article seems nice as well: http://alvinalexander.com/perl/edu/articles/pl010012
