Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Which also stores usernames and passwords in plain text in a cookie? Well, obfuscated, at least as much as basic-auth is...

    Quite shocked me when I looked closely at my slashdot / use.perl cookies.


    • FWIW: No usernames are stored, the user IDs are. And the MD5 hash of the password, not plaintext, is stored, which can be used to log in if you also have the user ID. Also, there is an option in your password prefs to not store the cookie information.

      And you can always click "Logout" to delete your cookie, too.

      As to the proper deleting of a cookie: setting the expiration date is the recommended method. In this Netscape doc [], for example, it says: If a CGI script wishes to delete a cookie, it can do so by returning a cookie with the same name, and an expires time which is in the past.