| [reply] |
Quote from article:
The wrong way to use cookies, therefore, is to have a login form, and on successful login, send out a cookie that lasts until year 2003 to that browser. That's bad. I can't login on another browser, and if I forget to logout of a browser at an ``internet cafe'', the next user who stumbles across the same website is (gasp!) already logged in as me!
Erm like Perlmonks does :-}
What we have here of course is a trade-off between security and usability. The most secure access is to lock the machine in a safe and bury it in concrete, but that's not very usable. Whilst semi-permanent cookies for login control are less secure, in the arena of something like perlmonks it's less of an issue than, say, your online internet bank account :)
---If it doesn't fit use a bigger hammer
| [reply] |
Many sites have a 'Remember me' checkbox in their login form which affects cookie lifetime (i.e. the cookie lasts only for the browser session or the cookie will expire in the next several years). Perlmonks is no exception.
I think it is quite a reasonable approach. I have this checkbox checked when I visit perlmonks from home and I don't check it when I visit perlmonks from other places.
--
Ilya Martynov
(http://martynov.org/)
| [reply] |
I don't know of another way than setting the cookie and then reading it again to check if it's present.
alex pleiner <alex@zeitform.de>
zeitform Internet Dienste
| [reply] |
projekt21 is right. The client-server relationship between the web browser and the server consists of the browser contacting the server and requesting a page. The request for the page will include any relevant cookies (i.e. ones that match the domain). So you need to set a cookie in your response, and then if you don't receive the cookie next time the browser makes a request, assume that cookies are disabled.
You may be able to get some JavaScript to detect the state of cookies and then adjust any further requests to say "I don't do cookies" (a cookies=no parameter in a hidden form), but it will still be a two-stage process of you sending a page with the JavaScript in first and waiting for the next page that the browser requests.
---If it doesn't fit use a bigger hammer
| [reply] |
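The two-stage check described in the replies above, sketched as an added example that is not part of the original thread: the server sets a short-lived probe cookie, redirects once, and decides on the second request. The cookie name `cookietest`, the `probe` query parameter and the simulated browser are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

PROBE_COOKIE = "cookietest"  # assumed name, not from the thread
PROBE_FLAG = "probe"         # assumed query parameter marking stage two


def handle(path, query, cookie_header):
    """Server side: return (status, headers, body) for one request."""
    cookies = SimpleCookie(cookie_header or "")
    params = {k: v[0] for k, v in parse_qs(query or "").items()}
    if PROBE_COOKIE in cookies:
        return 200, [], "cookies=yes"
    if PROBE_FLAG in params:
        # The probe was already sent and did not come back; stop here
        # instead of redirecting again, which would loop forever.
        return 200, [], "cookies=no"
    probe = SimpleCookie()
    probe[PROBE_COOKIE] = "1"
    probe[PROBE_COOKIE]["path"] = "/"
    probe[PROBE_COOKIE]["httponly"] = True
    probe[PROBE_COOKIE]["samesite"] = "Lax"
    # No Expires/Max-Age: the probe is a session cookie and carries no identity.
    params[PROBE_FLAG] = "1"
    headers = [("Set-Cookie", probe[PROBE_COOKIE].OutputString()),
               ("Location", path + "?" + urlencode(params))]
    return 302, headers, ""


def simulate(accepts_cookies, url="/page"):
    """Constructed stand-in for a browser: follow redirects, maybe keep cookies."""
    jar = None
    path, _, query = url.partition("?")
    for _ in range(3):  # bounded so a server bug cannot loop
        status, headers, body = handle(path, query, jar)
        if status != 302:
            return body
        sent = dict(headers)
        if accepts_cookies:
            jar = sent["Set-Cookie"].split(";", 1)[0]  # keep only name=value
        path, _, query = sent["Location"].partition("?")
    raise RuntimeError("redirect loop")


if __name__ == "__main__":
    print(simulate(True), simulate(False))
```

The probe is kept separate from any login cookie, so the detection step never hands out a credential to a client that has not authenticated.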