ch19.htm

this is a book on pearl , simple example with explanation is given here. it could be beneficial for

</PRE>

</BLOCKQUOTE>

<P>

The output might look like this:

<BLOCKQUOTE>

<PRE>

Redirecting STDERR to STDOUT

Setting Limits (CPU)

Environment Variables:

   QUERY_STRING: ''

   PATH_INFO: '/~dbewley/cookie-test.pl'

   REMOTE_HOST: 'x2s5p10.dialin.iupui.edu'

   REMOTE_ADDR: '134.68.249.69'

   SCRIPT_NAME: '/cgi-bin/cgiwrapd'

Trying to extract user/script from PATH_INFO

Extracted Data:

   User:  'dbewley'

   Script:  'cookie-test.pl'

Stripping user and script data from PATH_INFO env. var.

Adding user and script to SCRIPT_NAME env. var.

Modified Environment Variables:

   PATH_INFO: ''

   SCRIPT_NAME: '/cgi-bin/cgiwrapd/dbewley/cookie-test.pl'

Sanitize user name: 'dbewley'-'dbewley'

Sanitize script name: 'cookie-test.pl'-'cookie-test.pl'

Log Request

   Opening log file.

   Writing log entry.

   Closing log file.

   Done logging request.

User Data Retrieved:

   UserName: 'dbewley'

   UID: '8670'

   GID: '200'

   Directory: '/home/stu/d/dbewley'

UIDs/GIDs Changed To:

   RUID: '8670'

   EUID: '8670'

   RGID: '200'

   EGID: '200'

Current Directory:  '/sparcus/users/dbewley/www/cgi-bin'

Results of stat:

   File Owner: '8670'

   File Group: '200'

   Exec String:  './cookie-test.pl'

Output of script follows:

=====================================================

Set-Cookie: user=dbewley; expires=Wednesday, 09-Nov-99 00:00:00 GMT;

path=/cgi-bin/; domain=.engr.iupui.edu; 

Set-Cookie: flag=black; expires=Wednesday, 09-Nov-99 00:00:00 GMT; path=/

cgi-bin/; domain=.iupui.edu; 

Set-Cookie: car=honda:accord:88:LXI:green; expires=Wednesday, 09-Nov-99

00:00:00 GMT; path=/cgi-bin/; domain=.engr.iupui.edu; 

Content-type: text/html

Cookies:&lt;BR&gt;

flag = black&lt;br&gt;

car = honda:accord:88:LXI:green&lt;br&gt;

user = dbewley&lt;br&gt;

</PRE>

</BLOCKQUOTE>

<P>

This output can be invaluable if your script is dying because

of a syntax error before it can print an HTTP header to the browser.

<BR>

<p>

<CENTER>

<TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=80%>

<TR><TD><B>Note</B></TD></TR>

<TR><TD>

<BLOCKQUOTE>

If you'd like a more in-depth description of CGI Security, visit these Web sites:</BLOCKQUOTE>



</TD></TR>

</TABLE>

</CENTER>

<P>

<BLOCKQUOTE>

<PRE>

http://www.csclub.uwaterloo.ca/u/mlvanbie/cgisec/# CGI Security Tutorial

http://www.umr.edu/</FONT><FONT SIZE=1 FACE="Courier">~</FONT><FONT SIZE=2 FACE="Courier">cgiwrap/   # CGIwrap Home Page

</PRE>

</BLOCKQUOTE>

<H2><A NAME="Cookies"><FONT SIZE=5 COLOR=#FF0000>

Cookies</FONT></A></H2>

<P>

Most Webmasters want to track the progress of a user from page

to page as they click about the site. Unfortunately, HTTP is a

<I>stateless</I> protocol. Stateless protocols have no memory;

they only understand the current command. This makes tracking

a visitor through a site difficult at best. A user could visit

a site, leave, and come back a day or a minute later, possibly

from a different IP address. The site maintainer has no way of

knowing if this is the same browser or not.

<P>

One answer to this dilemma is to use <I>cookies</I> in your CGI

programs. Cookies can provide a way to maintain information from

one HTTP request to the next-remember the coNCept of persistent

information?

<P>

A cookie is a small chunk of data, stored on the visitor's local

hard drive by the Web server. It can be used to track your path

through a Web site and develop a visitor's profile for marketing

or informational purposes. Cookies can also be used to hold information

like account numbers and purchase decisions so that shopping applications

can be created.

<H3><A NAME="CookieSecurity">

Cookie Security</A></H3>

<P>

There has been some controversy about whether cookies are secure.

Although the cookie mechanism provides a way for a Web server

to write data to your hard disk the limitations are very strict.

A client may only hold a maximum of 300 cookies at a time and

a single server may only give 20 cookies to it.  Cookies can only

be 4 kilobytes each, iNCluding the name and data, so, at most,

a visitor's hard disk may have 1.2 megabytes of hard disk being

used to store cookies. In addition, cookie data may only be written

to one file, usually called <TT>cookies.txt</TT>.

<P>

During a browsing session, Netscape stores cookies in memory,

but when the browser is exited, cookies are written into a file

called <TT>cookies.txt</TT>. On the

Macintosh, the cookie jar is in a file called <TT>MagicCookie</TT>

in the prefereNCes folder. The cookie file contains plain text

as shown in Listing 19.3.

<H3><A NAME="HowAreCookiesCreatedandRead">

How Are Cookies Created and Read?</A></H3>

<P>

Cookies are set using a <TT>Set-cookie</TT>:

HTTP header with five possible fields separated with a semicolon

and a space. These fields are:

<UL>

<LI><B>cookie-name=cookie-value;</B>-name of the cookie and its

value. The name and the value combined must be less than 4 kilobytes

in length.

<LI><B>expiration=expiration-date;</B>-the date the cookie will

be deleted from the cookie file. You can delete a previously set

cookie ahead of schedule by creating a second cookie with the

same name, path, and domain, but with an expiration date in the

past.

<LI><B>path=cookie-path;</B>-combines with the domain name to

determine when a browser should show a cookie to the server.

<LI><B>domain=server-domain;</B>-used to determine when a browser

should show a cookie to the server. Usually, cookies are created

with the Web server's name without the <TT>www</TT>.

For example, <TT>.foo.net</TT> instead

of <TT>www.foo.net</TT>. Notice that

the leading period is retained.

<LI><B>secure</B>-ensures that the cookie will be sent back only

to the server when a secure HTTP connection has been established.

</UL>

<P>

When all of these elements are put together, they look like this:

<BLOCKQUOTE>

<PRE>

Set-Cookie: user_addr=ppp1.dialin.iupui.edu;

expires=Wednesday, 09-Nov-99 00:00:00 GMT; path=/cgi-bin/;

domain=.engr.iupui.edu; secure

</PRE>

</BLOCKQUOTE>

<P>

Listing 19.4 contains a program that both sets and read cookies.

First, it will create four cookies and then it will read those

cookies from the <TT>HTTP_COOKIE</TT>

environment variable. Inside the <TT>HTTP_COOKIE</TT>

environment variable, the cookies are delimited by a semicolon

and a space. The cookie fields are separated by commas, and the

name-value pairs are separated by equal signs. In order to use

cookies, you need to parse the <TT>HTTP_COOKIE</TT>

variable at three different levels.

<P>

<IMG SRC="pseudo.gif" BORDER=1 ALIGN=RIGHT><p>

<BLOCKQUOTE>

<I>Turn on the warning option.<BR>

Turn on the strict pragma.<BR>

Declare a variable to hold the expiration date and time of the

cookies.<BR>

Declare a variable to hold the domain name.<BR>

Declare a variable to hold the path name.<BR>

Set four cookies with different values.<BR>

Read those four cookies from the environment; place them into

</I><TT><I>%cookies</I></TT><I>.<BR>

Start the HTML Web page.<BR>

Display a text heading on the Web page.<BR>

Start an HTML table.<BR>

Display each cookie in a table row.<BR>

End the table.<BR>

End the Web page.<BR>

Define the </I><TT><I>setCookie()</I></TT><I>

fuNCtion.<BR>

Create local variables from the parameter array.<BR>

Send the </I><TT><I>Set-Cookie:</I></TT><I>

HTTP header to the Web browser.<BR>

Send the secure option only if requested.<BR>

End the header with a newline.<BR>

Define the </I><TT><I>getCookies()</I></TT><I>

fuNCtion.<BR>

Create a local hash to hold the cookies.<BR>

Iterate over an array created by splitting the </I><TT><I>HTTP_COOKIE</I></TT><I>

environment<BR>

variable based on the &quot;;&quot; character sequeNCe.<BR>

Split off the name of the cookie.<BR>

Create a hash entry with the cookie's name as the key and the

rest of the cookie as the entry's value.<BR>

Return the hash.</I>

</BLOCKQUOTE>

<HR>

<BLOCKQUOTE>

<B>Listing 19.4&nbsp;&nbsp;19LST04.PL-How to Set and Retrieve

Cookies<BR>

</B>

</BLOCKQUOTE>

<BLOCKQUOTE>

<PRE>

#!/usr/local/bin/perl -w

use strict;



my($expDate)   = &quot;Wednesday, 09-Nov-99 00:00:00 GMT&quot;;

my($theDomain) = &quot;.engr.iupui.edu&quot;;

my($path)      = &quot;/cgi-bin/&quot;;



setCookie(&quot;user&quot;, &quot;dbewley&quot;, $expDate, $path, $theDomain);



setCookie(&quot;user_addr&quot;, $ENV{'REMOTE_HOST'}, $expDate, $path, $theDomain)

    if defined($ENV{'REMOTE_HOST'});



setCookie(&quot;flag&quot;, &quot;black&quot;, $expDate, $path, &quot;.iupui.edu&quot;);

setCookie(&quot;car&quot;, &quot;honda:accord:88:LXI:green&quot;, $expDate, $path, 

$theDomain);



my(%cookies) = getCookies();



print(&quot;Content-type: text/html\n\n&quot;);

print(&quot;&lt;HTML&gt;&quot;);

print(&quot;&lt;HEAD&gt;&lt;TITLE&gt;The Cookie Display&lt;/TITLE&gt;&lt;/HEAD&gt;&quot;);

print(&quot;&lt;BODY&gt;&quot;);

print(&quot;&lt;H1&gt;Cookies&lt;/H1&gt;&quot;);

print(&quot;&lt;TABLE BORDER=1 CELLPADDING=10&gt;&quot;);

foreach (sort(keys(%cookies))) {

    print(&quot;&lt;TR&gt;&lt;TD&gt;$_&lt;/TD&gt;&lt;TD&gt;$cookies{$_}&lt;/TD&gt;&lt;/TR&gt;&quot;);

}

print(&quot;&lt;/TABLE&gt;&quot;);

print(&quot;&lt;/BODY&gt;&quot;);

print(&quot;&lt;/HTML&gt;&quot;);





sub setCookie {

    my($name, $val, $exp, $path, $dom, $secure) = @_;



    print(&quot;Set-Cookie: &quot;);

    print(&quot;$name=$val, expires=$exp, path=$path, domain=$dom&quot;);

    print(&quot;, $secure&quot;) if defined($secure);

    print(&quot;\n&quot;);

}



sub getCookies {

    my(%cookies);



    foreach (split (/; /,$ENV{'HTTP_COOKIE'})){

        my($key) = split(/=/, $_);



        $cookies{$key} = substr($_, index($_, &quot;=&quot;)+1);

    } 

    return(%cookies);

}

</PRE>

</BLOCKQUOTE>

<HR>

<P>

This program shows that the Web server stores a copy of any cookies

that you set into the <TT>HTTP_COOKIE</TT>

environment variable. It only performs one level of parsing. In

order to create a really useful <TT>getCookies()</TT>

fuNCtion, you need to split the cookie on the comma character

and then again on the equals character.

<H3><A NAME="CanaVisitorsBrowserSupportCookies">

Can a Visitor's Browser Support Cookies?</A></H3>

<P>

One difficulty that you may have in using cookies is that not

every browser can support them. If you are using cookies, you

need a user-friendly way of telling a visitor that the feature

he or she is  trying to use is not available to him or her.

<P>

Listing 19.5 contains a script that shows you a nice way of automatically

determining if a visitor's Web browser supports cookies. The CGI

program will set a cookie and then redirect the visitor's Web

browser back to itself with some additional path information.

When the script (during its second invocation) sees the extra

path information, it checks for the previously created cookie.

If it exists, the visitor's browser has passed the test. Otherwise,

the visitor's browser does not support cookies.

<P>

<IMG SRC="pseudo.gif" BORDER=1 ALIGN=RIGHT><p>

<BLOCKQUOTE>

<I>Turn on the warning option.<BR>

<I>Turn on the strict pragma.<BR>

<I>If there is no query information, then set a cookie and reload

the script.<BR>

<I>Otherwise, see if the cookie set before the reload exits.<BR>

<I>If the cookie exists, the browser supports cookies.<BR>

<I>If the cookie does not exist, the browser does not support

cookies.</I></I></I></I></I></I>

</BLOCKQUOTE>

<HR>

<BLOCKQUOTE>

<B>Listing 19.5&nbsp;&nbsp;19LST05.PL-How to Tell Whether  the

Visitor's Browser Supports Cookies<BR>

</B>

</BLOCKQUOTE>

<BLOCKQUOTE>

<PRE>

#!/usr/bin/perl -w

use strict;



if ($ENV{'QUERY_STRING'} ne 'TESTING') {

    print &quot;HTTP/1.0 302 Moved Temporarily\n&quot;; 

    print &quot;Set-Cookie: Cookie=Test\n&quot;;

    print &quot;Location: $ENV{'SCRIPT_NAME'}?TESTING\n\n&quot;;

}

else {

    if ($ENV{'HTTP_COOKIE'} =~ /Cookie=Test/) {

        print(&quot;Content-type: text/html\n\n&quot;);

        print(&quot;&lt;HTML&gt;&quot;);

        print(&quot;&lt;HEAD&gt;&lt;TITLE&gt;$ENV{'HTTP_USER_AGENT'} supports Cookies

&lt;/TITLE&gt;&lt;/HEAD&gt;&quot;);

        print(&quot;&lt;BODY&gt;&quot;);

        print(&quot;Your browser, $ENV{'HTTP_USER_AGENT'}, supports the

Netscape HTTP &quot;);

        print(&quot;Cookie Specification.&quot;);

        print(&quot;&lt;/BODY&gt;&lt;/HTML&gt;&quot;);

    }

    else {