Should I use Storable or FreezeThaw to serialize Perl data as a cookie value?

I would like to store some data in a cookie, and my original thought was to package it myself, but then I remembered that there is a module for everything.

I looked at Storable and FreezeThaw. Both seem to fit, although the latter mentions the string specifically and seems to serialize to a string without newlines, whereas Storable creates a string containing newlines.

Which module is best for my application, or is there something even more appropriate?

+2




5 answers


If storing data in a cookie is really what you want to do and sessions are not good, I would go with Storable plus MIME::Base64 to make cookies safe. Possibly add Digest::HMAC to protect against unauthorized access and/or Crypt::Rijndael to make the data completely opaque to the user, if necessary.



+3


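The combination suggested in the answer above (Storable plus MIME::Base64, with an HMAC to detect tampering), as an added example that is not part of the original answer. It uses hmac_sha256_hex from the core Digest::SHA module in place of Digest::HMAC; the secret value, the function names and the "payload.tag" cookie layout are assumptions made for illustration.

```perl
use strict;
use warnings;
use Storable qw(nfreeze thaw);
use MIME::Base64 qw(encode_base64 decode_base64);
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a random server-side secret loaded from configuration.
# The value below is a placeholder.
my $secret = 'REPLACE-WITH-RANDOM-SERVER-SECRET';

# Serialize, Base64-encode without newlines, and append an HMAC tag.
sub pack_cookie {
    my ($data) = @_;
    my $payload = encode_base64(nfreeze($data), '');
    return $payload . '.' . hmac_sha256_hex($payload, $secret);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the original structure, or undef if the value is malformed or
# the tag does not match. thaw() only runs on bytes that passed the check.
sub unpack_cookie {
    my ($value) = @_;
    return unless defined $value;
    my ($payload, $tag) =
        $value =~ m{\A([A-Za-z0-9+/=]+)\.([0-9a-f]{64})\z}
        or return;
    return unless ct_eq($tag, hmac_sha256_hex($payload, $secret));
    return thaw(decode_base64($payload));
}

# Constructed sample data: one valid round trip, one modified value.
my $cookie = pack_cookie({ ID => 7, foo => 'bar' });
my $ok     = unpack_cookie($cookie);
print "valid: ID=$ok->{ID} foo=$ok->{foo}\n";

(my $forged = $cookie) =~ s/\A(.)/$1 eq 'A' ? 'B' : 'A'/e;
print "forged: ",
    (defined unpack_cookie($forged) ? "accepted" : "rejected"), "\n";
```

The tag is verified before thaw is called, so Storable never deserializes bytes the server did not produce. The HMAC only detects modification; the data is still readable by the user unless it is also encrypted.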


It is generally not recommended to store large chunks of data in client cookies, both for security and compatibility reasons. Instead, I would recommend using something like CGI::Session, which will give you automatic session cookies and you can store the data in a table or file server side. Then it doesn't matter which serialization method you use.



+4




Do not store real data in cookies. Store some id that allows you to look up the cookie data on the server side. So don't use any of the modules. :)

+3




Both Storable and FreezeThaw can produce non-printable or other problematic characters as well as newlines. But most of the modules that will generate and parse the cookie headers for you will automatically encode any characters that need it, so you don't have to worry about that.

But I would recommend storing more complex data server-side.

+2




I ended up using Storable and encrypted the result before putting it into the cookie:

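use CGI::Cookie;
use Storable qw(freeze);
use Crypt::CBC;

# $key and $iv are not defined in the snippet as posted; they must be
# set (for example from server-side configuration) before this runs.

# Data to carry in the cookie.
my $data = {
    'ID'  => 7,
    'foo' => 'bar',
};

# Rijndael in CBC mode; no header is written, so the IV is supplied explicitly.
my $cipher = Crypt::CBC->new(
    -cipher => 'Rijndael',
    -header => 'none',
    -key    => $key,
    -iv     => $iv,
);

# Serialize with Storable, encrypt, and hex-encode the result for the cookie value.
my $enc = $cipher->encrypt_hex(freeze($data));
my $cookie = CGI::Cookie->new(
    -name   => 'oatmeal',
    -value  => $enc,
);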

+2








