cookie problem - explorer ok, firefox no

zorro

Hello,

This is my first crack at Perl. I know PHP very well so I agreed to fix
some bugs on a web site and this is a strange one. The problem is I can
log in in Explorer but in Firefox the login data is lost somewhere along
the way and I'm eventually sent back to login. I've narrowed it down to
this piece of code:

foreach (split(/; /,$ENV{'HTTP_COOKIE'})){
    ($c,$v) = split(/=/);
    if($c eq "mycookiename"){
        $v =~ s/([a-fA-F0-9]{2})/pack("C", hex($1))/eg;

        if((split(/\|/,$v))[0] ne "NULL"){
            ($USERname,$USERpass) = split(/\|/,$v);

        }
    }
}

The first time this code executes, Firefox goes all the way into the
innermost if(split), the second time though, it doesn't even go into
foreach. Yet the cookie exists in the Firefox cache...

The password is mork123, but displays only mork when I display it in
the innermost if(split) and I wonder if 123 is truncated by the pack
function.

Any ideas what is happening??
 
Scott Bryce

zorro said:
Hello,

This is my first crack at Perl. I know PHP very well so I agreed to fix
some bugs on a web site and this is a strange one. The problem is I can
log in in Explorer but in Firefox the login data is lost somewhere along
the way and I'm eventually sent back to login. I've narrowed it down to
this piece of code:

foreach (split(/; /,$ENV{'HTTP_COOKIE'})){
    ($c,$v) = split(/=/);
    if($c eq "mycookiename"){
        $v =~ s/([a-fA-F0-9]{2})/pack("C", hex($1))/eg;

        if((split(/\|/,$v))[0] ne "NULL"){
            ($USERname,$USERpass) = split(/\|/,$v);

        }
    }
}

The first time this code executes, Firefox goes all the way into the
innermost if(split), the second time though, it doesn't even go into
foreach.

Firefox doesn't go into anything. The script is running on the server,
not in the browser. Please don't use this code. Look up cookies in the
documentation for CGI.pm instead.

http://search.cpan.org/~lds/CGI.pm-3.20/CGI.pm#HTTP_COOKIES

If you have trouble understanding the documentation, read the posting
guidelines for this group, then write a short, but complete script that
demonstrates your problem, and someone here can help you out.

Are you storing passwords in a cookie? That doesn't appear to be very
secure.
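
One way to follow the two points in the post above: let CGI.pm read and set the cookie, and keep the password out of it. This is an added example, not code from the thread; the token layout, the COOKIE_HMAC_KEY variable and the helper names make_token and check_token are assumptions, and it assumes the login handler has already verified the password before the first token is issued.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: the signing key comes from server-side configuration.
my $KEY = $ENV{COOKIE_HMAC_KEY} or die "COOKIE_HMAC_KEY is not set\n";

# Token is "user|expiry|mac". The password never goes into the cookie.
sub make_token {
    my ($user, $ttl) = @_;
    die "bad user name\n" unless $user =~ /\A\w+\z/;    # keeps '|' out of the field
    my $exp = time() + $ttl;
    return join '|', $user, $exp, hmac_sha256_hex("$user|$exp", $KEY);
}

# Returns the user name for an intact, unexpired token; undef otherwise.
sub check_token {
    my ($token) = @_;
    my ($user, $exp, $mac) = split /\|/, ($token // ''), 3;
    return undef unless defined $mac && $exp =~ /\A\d+\z/ && $exp > time();
    my $want = hmac_sha256_hex("$user|$exp", $KEY);
    return undef unless length($mac) == length($want);
    my $diff = 0;                                        # compare without early exit
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($want) - 1;
    return $diff == 0 ? $user : undef;
}

my $q     = CGI->new;
my $token = $q->cookie('mycookiename');                  # CGI.pm parses and unescapes
my $user  = check_token($token);

unless (defined $user) {
    print $q->redirect('page.cgi?action=userlogin');
    exit;
}

# Re-issue a short-lived cookie; CGI.pm escapes the value and formats the header.
my $cookie = $q->cookie(
    -name     => 'mycookiename',
    -value    => make_token($user, 3600),
    -path     => '/',
    -expires  => '+1h',
    -secure   => 1,    # cookie is only sent over HTTPS
    -httponly => 1,    # needs a CGI.pm release that supports -httponly
);
print $q->header(-cookie => $cookie), "Hello, ", $q->escapeHTML($user), "\n";
```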
 
zorro

Jim said:
zorro said:
Hello,

This is my first crack at Perl. I know PHP very well so I agreed to fix
some bugs on a web site and this is a strange one. The problem is I can
log in in Explorer but in Firefox the login data is lost somewhere along
the way and I'm eventually sent back to login. I've narrowed it down to
this piece of code:

foreach (split(/; /,$ENV{'HTTP_COOKIE'})){
    ($c,$v) = split(/=/);
    if($c eq "mycookiename"){
        $v =~ s/([a-fA-F0-9]{2})/pack("C", hex($1))/eg;

This line will convert any pair of hex digits to the equivalent
character. This should only be done if the digits are preceded by a %
sign. Therefore, try changing the above line to:

        $v =~ s/%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;

        if((split(/\|/,$v))[0] ne "NULL"){
            ($USERname,$USERpass) = split(/\|/,$v);

        }
    }
}

You're right about the missing %. The many other regexes in the code
have it, so it was a typo. Unfortunately it didn't fix the problem. I
do the exact same steps in IE and in Firefox but Firefox eventually
goes back to the login page and yet the cookie exists in the cache.
Perhaps the cookie-setting code is wrong: ...?

sub set_cookie {
    local($z) = unpack('H*',$_[0]);
    print "Set-Cookie: mycookiename=$z;";
    print " path=/;";
    print " expires=Mon, 1-Jan-2030 00:00:00 GMT;";
    # print " domain=.coder-world.de;";
    print "\n";
}

This is where it redirects to the login page. I enter similar subs on
previous requests and $USERname exists. But then suddenly it exists no
longer, but only when the request is made from Firefox.

sub myfoo {

    unless($USERname){

        #.... goes here from FIREFOX, even though the cookie is in the cache

        print "Location: page.cgi?action=userlogin\n\n";
        exit;
    }

    #.... goes here from IE
}
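
As an added example (not code from the thread): the encoding used by set_cookie above, run through both decoding substitutions quoted in this thread and through a strict decoder that accepts only what unpack('H*') can produce. The user name zorro and the percent-escaped variant are constructed sample values, and hex_decode and show are hypothetical helper names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encoder used by set_cookie in the post: bare hex digits, no '%' anywhere.
sub hex_encode { return unpack 'H*', $_[0] }

# The two decoding substitutions quoted in the thread.
sub decode_bare {
    my ($v) = @_;
    $v =~ s/([a-fA-F0-9]{2})/pack("C", hex($1))/eg;
    return $v;
}
sub decode_percent {
    my ($v) = @_;
    $v =~ s/%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;
    return $v;
}

# Hypothetical strict inverse of unpack('H*'): reject anything that is not
# an even-length run of hex digits instead of decoding it partially.
sub hex_decode {
    my ($v) = @_;
    return undef unless defined $v && $v =~ /\A(?:[0-9a-fA-F]{2})+\z/;
    return pack 'H*', $v;
}

# Make control bytes visible when printing a decoded value.
sub show {
    my ($s) = @_;
    return '(rejected)' unless defined $s;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord($1))/eg;
    return $s;
}

my $plain = 'zorro|mork123';     # constructed user name, password as quoted in the post
my %wire  = (
    'hex (set_cookie)' => hex_encode($plain),
    'percent-escaped'  => 'zorro%7Cmork123',   # constructed URL-style encoding
);

for my $enc (sort keys %wire) {
    my $value = $wire{$enc};
    print "$enc: $value\n";
    printf "  %-16s %s\n", $_->[0], show($_->[1]->($value))
        for [ 'bare regex' => \&decode_bare ],
            [ '% regex'    => \&decode_percent ],
            [ 'strict hex' => \&hex_decode ];
}
```

Each decoder only recovers the value from the encoding it was written for, and the hex form is an encoding that anyone holding the cookie can reverse, not a protection for the password.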
 
Sherm Pendley

zorro said:
Perhaps the cookie-setting code is wrong: ...?

There is cookie-reading and -setting code in CGI.pm that's correct and
works reliably. Why waste time reinventing the wheel?

sherm--
 
zorro

I agree, but in this case I didn't write the code. At this point my
task is just to make the existing buggy code work. If I rewrite the
global cookie functions, who knows how it will affect other parts of
the application.
 
Eric Schwartz

zorro said:

What are you agreeing with? Please quote some context, so the vast
majority of us NOT using Google Groups to interface with USENET can
understand what you're talking about.

but in this case I didn't write the code. At this point my
task is just to make the existing buggy code work.

If you can't rewrite buggy code to use non-buggy code, then how can
you possibly fix anything?

If I rewrite the global cookie functions, who knows how it will
affect other parts of the application.

If your "global cookie functions" are broken, then they must be fixed.
If that breaks other code, then that code was broken, too, and must
also be fixed. Yes, you can end up fixing a lot more than you started
to, but the person who comes after you (and that person may well be
you in a few months) will be much happier working with good code
instead of bad code.

-=Eric
 
Scott Bryce

zorro said:

With whom? Please quote enough of the post you are responding to to put
your comments in context.

but in this case I didn't write the code.

We know that. (At least those of us who have been following this thread
know that.)

At this point my task is just to make the existing buggy code work.

The best way to do that is to use the cookie functions in CGI.pm.

If I rewrite the global cookie functions, who knows how it will
affect other parts of the application.

If the application is well written, it shouldn't. Otherwise re-writing
the script might be what it takes to remove the buggy code.

But if you are that concerned about it, back up your script, re-write it
with the cookie functions in CGI.pm, and if the whole thing
disintegrates on you, go back to your backup copy.
 
zorro

zorro said:
Jim said:
zorro said:
Hello,

This is my first crack at Perl. I know PHP very well so I agreed to fix
some bugs on a web site and this is a strange one. The problem is I can
log in in Explorer but in Firefox the login data is lost somewhere along
the way and I'm eventually sent back to login. I've narrowed it down to
this piece of code:

foreach (split(/; /,$ENV{'HTTP_COOKIE'})){
    ($c,$v) = split(/=/);
    if($c eq "mycookiename"){
        $v =~ s/([a-fA-F0-9]{2})/pack("C", hex($1))/eg;

This line will convert any pair of hex digits to the equivalent
character. This should only be done if the digits are preceded by a %
sign. Therefore, try changing the above line to:

        $v =~ s/%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;

        if((split(/\|/,$v))[0] ne "NULL"){
            ($USERname,$USERpass) = split(/\|/,$v);

        }
    }
}

You're right about the missing %. The many other regexes in the code
have it, so it was a typo. Unfortunately it didn't fix the problem. I
do the exact same steps in IE and in Firefox but Firefox eventually
goes back to the login page and yet the cookie exists in the cache.
Perhaps the cookie-setting code is wrong: ...?

sub set_cookie {
    local($z) = unpack('H*',$_[0]);
    print "Set-Cookie: mycookiename=$z;";
    print " path=/;";
    print " expires=Mon, 1-Jan-2030 00:00:00 GMT;";
    # print " domain=.coder-world.de;";
    print "\n";
}

This is where it redirects to the login page. I enter similar subs on
previous requests and $USERname exists. But then suddenly it exists no
longer, but only when the request is made from Firefox.

sub myfoo {

    unless($USERname){

        #.... goes here from FIREFOX, even though the cookie is in the cache

        print "Location: page.cgi?action=userlogin\n\n";
        exit;
    }

    #.... goes here from IE
}

OK, I tried setting the domain which the previous coder had commented
and it worked...
My thanks to Jim, the only one who actually offered a real solution.
 
Tad McClellan

zorro said:
My thanks to Jim, the only one who actually offered a real solution.


What's up today?

This is like the 4th "config file" entry today.

Must be something in the water...
 
