
Re: Grab username from WP Cookie

by Anonymous Monk
on Apr 01, 2020 at 13:46 UTC


in reply to Grab username from WP Cookie

A cookie should be a random nonce that is used as a key to look up session information in a host-side database. Session information is typically stored as a JSON string, or in the Python world as a "pickle." You should find the information that you seek there. If you do find the information that you want in the text of the cookie, you will need to in some way loop through the entire list of cookies and apply some regular expression which will strip away the hash (and indicate that the cookie matches the format you expect). But I would look at the session database on the host first.

Replies are listed 'Best First'.
Re^2: Grab username from WP Cookie
by Your Mother (Bishop) on Apr 01, 2020 at 14:20 UTC

    There should never be any information stored in a session cookie at all other than the name and session key. Anything else is bad security. Recommending parsing the putative JSON with regex is bad programming. Answering a PHP question with Python handwaving is bad forum participation.

      There should never be any information stored in a session cookie at all other than the name and session key. Anything else is bad security.

      Mojolicious has a different philosophy: its session data is actually stored in the session cookie, but it is cryptographically signed with the app's secret keystring to prevent tampering.

        I am surprised to hear that. I can understand the functional benefit and the desire and effort to make it as secure as possible, but I reject leaving data on the client and passing it in headers that have to go through various proxies and app forwarding and such, especially where HTTPS is not completely enforced.
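
The trade-off argued in this thread, as an added example that is not from any poster and is not Mojolicious's own code or cookie format: a generic HMAC-signed cookie rejects tampering, but its contents stay readable to anyone who sees the header. The secret, the session fields and the `payload--signature` layout are constructed assumptions for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);
use JSON::PP ();

# Constructed values for illustration only.
my $SECRET = 'constructed-demo-secret';      # server-side signing key
my $json   = JSON::PP->new->canonical;       # stable key order

# Signed-cookie style: the session data itself travels in the cookie.
sub make_signed_cookie {
    my ($session) = @_;
    my $payload = encode_base64url($json->encode($session));
    return $payload . '--' . hmac_sha256_hex($payload, $SECRET);
}

# Comparison that does not stop at the first differing character.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the session hashref, or nothing if the signature does not verify.
sub read_signed_cookie {
    my ($cookie) = @_;
    my ($payload, $sig) = $cookie =~ /\A(.+)--([0-9a-f]{64})\z/
        or return;
    return unless secure_eq($sig, hmac_sha256_hex($payload, $SECRET));
    return $json->decode(decode_base64url($payload));
}

my $cookie = make_signed_cookie({ user => 'alice', role => 'subscriber' });
my ($payload, $sig) = $cookie =~ /\A(.+)--([0-9a-f]{64})\z/;

# 1. Signing is not encryption: the data decodes without the secret.
print "readable without key: ", decode_base64url($payload), "\n";

# 2. Changed data with the old signature fails verification.
my $forged = encode_base64url($json->encode({ user => 'alice', role => 'admin' }))
           . "--$sig";
print "original verifies: ", (read_signed_cookie($cookie) ? 'yes' : 'no'), "\n";
print "tampered verifies: ", (read_signed_cookie($forged) ? 'yes' : 'no'), "\n";
```

With the opaque-key design, the cookie would carry only a random session identifier and the same fields would stay in the server-side store.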
