checking whether user browser has cookies turned on?

Discussion in 'Perl Misc' started by Kenjis Kaan, Sep 2, 2003.

  1. Kenjis Kaan

    Kenjis Kaan Guest

    I am developing a web application that make use of the user browser's
    cookies
    mechanism. Specifically my application will try to retrieve a session
    key from the user's browser. However I have a problem. My program
    doesn't know how to handle the case when the user's browser has the
    cookies mechanism turned OFF!
    This is because I don't know how to find out from perl code whether
    the user's browser has cookies turned off or on?? I am using CGI.pm
    Any ideas how to solve this problem?
     
    Kenjis Kaan, Sep 2, 2003
    #1
    1. Advertising

  2. Kenjis Kaan

    Mina Naguib Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Kenjis Kaan wrote:
    > I am developing a web application that make use of the user browser's
    > cookies
    > mechanism. Specifically my application will try to retrieve a session
    > key from the user's browser. However I have a problem. My program
    > doesn't know how to handle the case when the user's browser has the
    > cookies mechanism turned OFF!
    > This is because I don't know how to find out from perl code whether
    > the user's browser has cookies turned off or on?? I am using CGI.pm
    > Any ideas how to solve this problem?


    First hit to the site:
    1. Send test cookie
    2. Send page that re-directs (via meta-refresh and/or javascript) to a cookie-checker CGI
    3. In the CGI, check to see if test cookie was received or not. Output another redirect to your
    site's main page (via HTTP Location: header) on success, or an error message/apology/instructions on
    failure.


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQE/VQMfeS99pGMif6wRAi/SAKDqkew0sSP8KG8LglZE01xXfV36FACg83pj
    VNGW/XtH2We1mhl1KtbhJ1M=
    =+zfg
    -----END PGP SIGNATURE-----
     
    Mina Naguib, Sep 2, 2003
    #2
    1. Advertising

  3. Mina Naguib wrote:

    >> Specifically my application will try to retrieve a session
    >> key from the user's browser.


    > 3. In the CGI, check to see if test cookie was received or not. Output
    > another redirect to your site's main page (via HTTP Location: header) on
    > success,


    and switch to using another method for session tracking (e.g. query string)
    on a failure.

    > or an error message/apology/instructions on failure.

    ^W^W^W^W^W^W^W^W

    --
    David Dorward http://dorward.me.uk/
     
    David Dorward, Sep 2, 2003
    #3
  4. On Tue, Sep 2, Kenjis Kaan inscribed on the eternal scroll:

    > I am developing a web application that make use of the user
    > browser's cookies mechanism.


    Then you're in the wrong place here: the closest match would probably
    be comp.infosystems.www.authoring.cgi

    Once you'd worked out the strategy for what you want to do, then if
    you had problems with programming it in Perl then it would be the
    right time to come back here with those Perl problems.

    > Specifically my application will try to retrieve a session
    > key from the user's browser.


    Wrong mental model. You don't "retrieve" cookies "from the user's
    browser". If you send them one (or more): they might consent to send
    them back, along with their subsequent requests. You get to read them
    if they're there. Your server doesn't get to go raiding their cookie
    store, in other words: the browser model is client-driven, and it
    works better (for you as for them) to keep that in mind.

    > However I have a problem. My program
    > doesn't know how to handle the case when the user's browser has the
    > cookies mechanism turned OFF!


    Take a look in the configuration options of any decent modern browser,
    such as Mozilla. The user can consent to accept cookies selectively
    according to the domain, they can ask to be prompted and accept or
    reject eack cookie as it arrives; they can enable and disable the
    sending of cookies at any moment.

    If you assume, as so many beginners do, that you can just send them a
    test cookie and see whether it comes back again on the next request,
    and then assume that any other cookie will behave like that throughout
    the whole activity, then it's likely that you'll get into quite a
    mess.

    > This is because I don't know how to find out from perl code whether
    > the user's browser has cookies turned off or on??


    You can't know that. So don't ask that question. Send them an
    appropriate cookie (if you feel you must...*). If that cookie
    subsequently arrives with a request, then it arrived and you may use
    it; if it doesn't then you need to do something else. Just why it
    didn't arrive is none of your business, in detail: they might have
    refused it when it arrived; they might have set their browser to
    reject all cookies that come from .com domains; they might have
    accepted it when it came, and later decided to turn cookies off. And
    so on. So stop worrying about whether (and how) they've got cookies
    configured, and focus on whether cookies arrive with a particular
    request.

    > I am using CGI.pm


    A good choice, indeed: but it only gives you convenient access to
    whatever the underlying mechanisms are capable of. Which is what
    counts for the purpose of your current question IMHO.

    good luck

    (* you'll be aware that some users treat cookies as a privacy issue;
    also, the unnecessary use of cookies inhibits cacheability and thus
    makes for a less-responsive web experience).
     
    Alan J. Flavell, Sep 3, 2003
    #4
  5. Mina Naguib <> wrote:
    > Kenjis Kaan wrote:


    >> My program
    >> doesn't know how to handle the case when the user's browser has the
    >> cookies mechanism turned OFF!


    > First hit to the site:
    > 1. Send test cookie
    > 2. Send page that re-directs (via meta-refresh and/or javascript) to a cookie-checker CGI
    > 3. In the CGI, check to see if test cookie was received or not. Output another redirect to your
    > site's main page (via HTTP Location: header) on success, or an error message/apology/instructions on
    > failure.



    Note the language-agnostic answer.

    The question had nothing to do with Perl.


    --
    Tad McClellan SGML consulting
    Perl programming
    Fort Worth, Texas
     
    Tad McClellan, Sep 3, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ollie
    Replies:
    3
    Views:
    432
    Saber
    Jul 24, 2004
  2. Replies:
    1
    Views:
    389
  3. ozgan
    Replies:
    0
    Views:
    563
    ozgan
    Aug 16, 2005
  4. Ollie
    Replies:
    2
    Views:
    193
    Saber
    Jul 24, 2004
  5. Lord Merlin
    Replies:
    0
    Views:
    721
    Lord Merlin
    Apr 11, 2004
Loading...

Share This Page