Depending on how paranoid you are you can also set the "secure connection" flag on the cookie, so the cookie will only be sent via encrypted connections.

Does this work using http? (A given session may go back and forth between http and https.)

In that case, you should not use this flag.

A cookie will normally be sent back to servers in the domain that created it by both http and https. This is the behavior that you want if your sessions go back and forth between the protocols (for example if you only secure the login page to protect the password).
If you enable the "secure connection" feature, the cookie will only be returned to servers by https. It will be ignored for normal http.
You might want to check the perldoc for CGI::Cookie; it explains all the options for cookies.
Thilo
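
The behaviour described in this message can be checked from the client side. The following is an added example, not part of the original message: it uses Python's standard-library cookie jar rather than CGI::Cookie, and the host name, cookie name, value and URLs are constructed.

```python
import http.cookiejar
import urllib.request

# Constructed browsing path: login over https, then pages over both protocols.
VISITS = [
    "https://app.example.test/login",
    "http://app.example.test/catalog",
    "https://app.example.test/checkout",
]


def make_jar(secure):
    """Client-side jar holding one session cookie, with or without the secure flag."""
    cookie = http.cookiejar.Cookie(
        version=0, name="CGISESSID", value="abc123",  # constructed name and value
        port=None, port_specified=False,
        domain="app.example.test", domain_specified=False,
        domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(cookie)
    return jar


def cookie_header(jar, url):
    """Return the Cookie header the client would attach to a request for url."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)  # applies the domain, path and secure checks
    return req.get_header("Cookie")  # None when no cookie is returned


def trace(secure):
    """Walk the constructed session and record what each request carries."""
    jar = make_jar(secure)
    return [(url, cookie_header(jar, url)) for url in VISITS]


if __name__ == "__main__":
    for secure in (False, True):
        print("secure flag set:", secure)
        for url, header in trace(secure):
            print("  %-40s Cookie: %s" % (url, header))
```

With the flag set, the http request in the middle of the session arrives without the session cookie, so the server sees it as a visitor with no session.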