I'm having very strange cookie problems with
one of my sites. I can log on fine from IE, Opera, and Mozilla, but only IE seems to accept my cookie. I have no idea why this is happening. It's been going on for a little while now, but my site gets pretty much no traffic and what little traffic it gets is from IE, so this never used to be an issue.
Here's the code I use to authenticate a user:
sub authenticate
{
my ($user, $pass);
if($query->param("user"))
{
$user = $query->param("user");
$pass = md5_hex($query->param("pass"));
}
elsif($query->cookie("lyr_bat"))
{
($user, $pass) = split /-/, $query->cookie('lyr_bat');
}
if($user and $pass)
{
my $users = $conn->query("SELECT * FROM lyr_users WHERE user =
+ ?", $user);
if($pass eq $users->field("pass"))
{
$users->field("last_logon", time);
$users->update("id");
$cur_user = $user;
return $query->cookie(-name => 'lyr_bat', -value => "$user
+-" . $users->field("pass"), -expires => '+10m', -path => '/') unless
+$query->param("node") eq "logout";
}
}
if($query->param("node") eq "logout")
{
if($user)
{
my $users = $conn->query("SELECT * FROM lyr_users WHERE u
+ser = ?", $user);
$users->field("last_logon", 0);
$users->update("id");
}
$cur_user = undef;
return $query->cookie(-name => 'lyr_bat', -value => '');
}
return [];
}
Basically it just authenticates the user and if the authentication is successful, the username is saved in $cur_user. The return value of the sub is an anonymous array suitable for passing to CGI::header. The code definitely authenticates properly because I can log in. It's the saving of the cookie that causes the problem. The code that actually prints the header is:
my $cookie = authenticate();
print $query->header(-cookie => $cookie);
I'm at a loss here. I'd appreciate any help. BTW, I've tried removing the -path and -expires section: no dice.
TIA,
Bill
