http://qs321.pair.com?node_id=30806

rodry has asked for the wisdom of the Perl Monks concerning the following question:

I have a private area in a website that I protected using HTTP authentication. That is, I password-protected a directory and its files.

However, I did not realize that since the pages in that directory call scripts from /cgi-bin (which anyone can access), that those pages are not really that secure.

Which raises the question, for which situations are cookies a better choice than HTTP authentication and viceversa.

Thanks in advance.

Originally posted as a Categorized Question.