Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CGI::Application::PlCGUserpContributedPPerlnDocumentationion::Store::Cookie(3)

NAME
       CGI::Application::Plugin::Authentication::Store::Cookie - Cookie	based
       Store

SYNOPSIS
	use base qw(CGI::Application);
	use CGI::Application::Plugin::Session;
	use CGI::Application::Plugin::Authentication;

	 __PACKAGE__->authen->config(
	       STORE =>	['Cookie', SECRET => "Shhh, don't tell anyone",	NAME =>	'CAPAUTH_DATA',	EXPIRY => '+1y'],
	 );

DESCRIPTION
       This module uses	a cookie to store authentication information across
       multiple	requests.  It works by creating	a cookie that contains the
       information we would like to store (like	the name of the	user that is
       currently authenticated), and then base64 encoding the data.  In	order
       to ensure that the information is not manipulated by the	end-user, we
       include a CRC checksum that is generated	along with our secret.	Since
       the user	does not know the value	of the secret, they will not be	able
       to recreate the checksum	if they	change some of the values, so we will
       be able to tell if the information in the cookie	has been manipulated.

THE SECRET
   Choosing a good secret
       An easy way to generate a relatively good secret	is to run the
       following perl snippet:

	 perl -MDigest::MD5=md5_base64 -l -e 'print md5_base64($$,time(),rand(9999))'

       Just use	the resulting string as	your secret.

   Configuring the secret
       There are three ways that you can provide a secret to the module:

       Hardcode	the secret
	   You can hardcode a secret right in the
	   CGI::Application::Plugin::Authentication::Store::Cookie module, so
	   that	you don't have to remember to provide one every	time you use
	   the module.	Just open the source in	a text editor and look at the
	   top of the file where it defines 'our $SECRET' and follow the
	   instruction listed there.

       Provide the SECRET option when using the	module
	   You can also	just provide the secret	as an option when using	the
	   module using	the SECRET parameter.

	     __PACKAGE__->authen->config(
		   STORE => ['Cookie', SECRET => "Shhh,	don't tell anyone"],
	     );

       Let the module choose a secret for you
	   And lastly, if you forget to	do either of these, the	module will
	   use the name	of your	application as the secret, but that is not a
	   very	good value to use, so a	warning	will be	spit out everytime it
	   uses	this.  This is the least desirable choice, and is only
	   included as a last resort.

DEPENDENCIES
       This module requires the	following modules to be	available.

       MIME::Base64
       Digest::SHA
       CGI::Cookie

METHODS
   fetch
       This method accepts a list of parameters	and fetches them from the
       cookie data.

   save
       This method accepts a hash of parameters	and values and stores them in
       the cookie data.

   delete
       This method accepts a list of parameters	and deletes them from the
       cookie data.

   initialize
       This method will	check for an existing cookie, and decode the contents
       for later retrieval.

   cookie_name
       This method will	return the name	of the cookie

SEE ALSO
       CGI::Application::Plugin::Authentication::Store,
       CGI::Application::Plugin::Authentication, perl(1)

AUTHOR
       Cees Hek	<ceeshek@gmail.com>

LICENCE	AND COPYRIGHT
       Copyright (c) 2005, SiteSuite. All rights reserved.

       This module is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

DISCLAIMER OF WARRANTY
       BECAUSE THIS SOFTWARE IS	LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
       FOR THE SOFTWARE, TO THE	EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
       WHEN OTHERWISE STATED IN	WRITING	THE COPYRIGHT HOLDERS AND/OR OTHER
       PARTIES PROVIDE THE SOFTWARE "AS	IS" WITHOUT WARRANTY OF	ANY KIND,
       EITHER EXPRESSED	OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
       ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF	THE SOFTWARE IS	WITH
       YOU. SHOULD THE SOFTWARE	PROVE DEFECTIVE, YOU ASSUME THE	COST OF	ALL
       NECESSARY SERVICING, REPAIR, OR CORRECTION.

       IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR	AGREED TO IN WRITING
       WILL ANY	COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
       REDISTRIBUTE THE	SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE
       TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
       CONSEQUENTIAL DAMAGES ARISING OUT OF THE	USE OR INABILITY TO USE	THE
       SOFTWARE	(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
       RENDERED	INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
       FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
       SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
       DAMAGES.

perl v5.24.1	    CGI::Application::Plugin::Authentication::Store::Cookie(3)

NAME | SYNOPSIS | DESCRIPTION | THE SECRET | DEPENDENCIES | METHODS | SEE ALSO | AUTHOR | LICENCE AND COPYRIGHT | DISCLAIMER OF WARRANTY

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CGI::Application::Plugin::Authentication::Store::Cookie&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help