Cookies and LWP and shopping sites

Richard Sharpe (sharpe@ns.aus.com)
Tue, 28 Apr 1998 11:14:24 +0900


Hi,

It does appear easy to have LWP use cookies. For example, the following
seems to add cookies to a request before making it:

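use LWP::UserAgent;
use HTTP::Cookies;

$ua = LWP::UserAgent->new;
$cookie_jar = HTTP::Cookies->new;

# Arguments: version, key, value, path, domain, port, path_spec, secure, maxage
$cookie_jar->set_cookie(1, 'SESSION_ID', $user, '/',
    '.sell.net', '80', 0, 0, 10000);  # A cookie that lives for 10,000 seconds ...

$ua->cookie_jar($cookie_jar);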

This cookie is then submitted in the request.

A lot of shops out there use cookies in a fairly insecure way to encode
user-ids that are picked up on the next request to the store.

What is to stop someone snooping them and using LWP to hijack user
accounts? Or guessing userids ...

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, NIC-Handle:RJS96
NS Computer Software and Services P/L, 
Ph: +61-8-8281-0063, FAX: +61-8-8250-2080, 
Linux, AIX, Digital UNIX, ULTRIX, SunOS, Samba, Apache, NetScape,
StrongHold, Perl, C, PPP ...
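
One way a store can keep a guessed or edited user-id cookie from being accepted, as an added example that is not part of the original message: the server attaches an HMAC to the value and checks it on every request. The function names, the key and the user 'alice' are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed key for the example (assumption); a real shop loads a random
# secret from protected server-side configuration.
my $SERVER_KEY = 'constructed-example-key-not-for-production';

# Build "user|expiry|mac". The MAC covers user and expiry, so neither can
# be changed into another valid value without the server key.
sub issue_cookie_value {
    my ($user, $ttl, $now) = @_;
    die "user name must not contain '|'\n" if $user =~ /\|/;
    my $expires = $now + $ttl;
    my $mac = hmac_sha256_hex("$user|$expires", $SERVER_KEY);
    return "$user|$expires|$mac";
}

# Return the user name for a valid, unexpired value, otherwise undef.
sub verify_cookie_value {
    my ($value, $now) = @_;
    my ($user, $expires, $mac) = split /\|/, ($value // ''), 3;
    return undef unless defined $mac && $expires =~ /\A\d+\z/;
    my $expected = hmac_sha256_hex("$user|$expires", $SERVER_KEY);
    # Compare every character so timing does not reveal the first mismatch.
    return undef unless length($mac) == length($expected);
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. length($expected) - 1;
    return undef if $diff;
    return undef if $expires < $now;
    return $user;
}

my $now   = time;
my $value = issue_cookie_value('alice', 10000, $now);

# "Secure" keeps the cookie off plain-HTTP connections where it could be snooped.
print "Set-Cookie: SESSION_ID=$value; Path=/; Max-Age=10000; Secure; HttpOnly\n";

# A value edited to name another user keeps the old MAC and is rejected.
(my $edited = $value) =~ s/^alice/bob/;
printf "genuine: %s\n", verify_cookie_value($value,  $now)         // 'rejected';
printf "edited:  %s\n", verify_cookie_value($edited, $now)         // 'rejected';
printf "expired: %s\n", verify_cookie_value($value,  $now + 10001) // 'rejected';
```

The MAC addresses guessing and tampering only; a cookie captured in transit is still valid until it expires, which is why it should travel over TLS with the Secure attribute set.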