Passing custom sessionID to cookie 'value'

[Robert TV]

Hello, i'm writing a script to generate a md5 sessionID and then set it to a
cookie. I'll show you the script first:

#!/usr/bin/perl

use CGI;
use CGI::Cookie;
use CGI::Carp qw(fatalsToBrowser);
use Digest::MD5 'md5_hex';

$timeID = localtime;
$sessionID = md5_hex("$timeID"); #create sessionID out of localtime
$cookie = new CGI::Cookie(-name=>'sessionID', #cookie name
-value=>'$sessionID', # cookie value
-expires=>'+30m',
-path=>'/cgi-bin',
-secure=>0);
print header(-cookie=>$cookie);
print "Cookie Set Sucessfully:<br>";
print "$sessionID";
exit;

All of the above works fine without error ... BUT ... the cookie -value
being stored is not correct. After the cookie is set, I have other code that
gets the cookie info back:

#!/usr/bin/perl

use CGI;
use CGI::Carp qw(fatalsToBrowser);
use CGI::Cookie;

%cookies = fetch CGI::Cookie;
$id = $cookies{'sessionID'}->value;
print "Content-Type: text/html\n\n";
print "$id";
exit;

This script also works fine to but the -value is wrong ... its not the long
hex md5 value, it's just "$sessionID":

Print Results:
$sessionID

Should so something like:
be528981d4f33fa95d69472068a955aa

See what's happening? The cookie -value being stored is just "$sessionID"
not the VALUE of the $sessionID variable generated in the first script. Can
anyone help me? TIA!

Robert

 

[Robert TV]

Actually, I figured it out. I just had to remove the ' 's around $sessionID
in the write cookie script.

Robert

 

[Juha Laiho]

Hello, i'm writing a script to generate a md5 sessionID and then set it to a
cookie. I'll show you the script first:

#!/usr/bin/perl

use CGI;
use CGI::Cookie;
use CGI::Carp qw(fatalsToBrowser);
use Digest::MD5 'md5_hex';

A nit, but use something that is not predictable as the session id.
MD5 of something that is predictable is still predictable, and localtime
is rather easily predictable. Output of 'rand' should be ok; so, instead of

$timeID = localtime;
$sessionID = md5_hex("$timeID"); #create sessionID out of localtime

have

$sessionID = md5_hex(rand());


And while you're at it, read the perl FAQ to find answer to the question
'What's wrong with always quoting "$vars"?' . Also, running your code
without warnings and without strictures (so, neither "use warnings;", nor
"use strict;" lines in the beginning of your code) is asking for trouble.
Enabling these will require slightly more work to write your scripts, but
it'll also most probably save you from some error situations often enough
to more than make up the added effort.